Cisco Support Community
New Member

Cisco 2911 and ASA 5512 remove double NAT

Greetings,

I have 2 subnets on a Cisco 2911 router:

192.168.3.0/24 and 192.168.1.0/24

A 3rd network, 192.168.4.0/24, is NATting the internal interface to the modem for internet access, which creates 2 NATs (NAT in the router and NAT in the modem).

I have just bought a Cisco ASA 5512. Any chance I can remove NAT from the Cisco 2911 router and put the default gateway to the Cisco ASA?

6 REPLIES

Hi,

If you are going to place your ASA in between the router and the modem, then you can remove that NAT over the interface of the router, and you can put that as a gateway to the ASA's inside interface, and from the ASA you can do based on your needs.

Regards

Karthik

New Member

No, I will be removing the modem and replacing it with the ASA. But I don't think Internet access will work while NAT is removed on the router.

Should I point 192.168.4.1 (ASA IP) as the default route on the Cisco router, and remove NAT from it?

Will NAT work on the ASA?

Okay..... in the modem you would have an option to NAT only on the connected interface segment, that is why you have used the interface of the router to NAT and go out to the internet.....

If you place the ASA, then you will have the internet connected on the outside interface.... and your LAN (router) is connected on the inside interface of the firewall..... so you do not need to NAT the LAN traffic in the router.... instead you can add a default route pointing to the inside interface IP of the firewall.....

NAT/PAT you can configure on the ASA with its interface / public IP stack.

Internet cloud <--> Cisco ASA <--> router <--> LAN

Regards

Karthik

 

New Member

So in short, the setup should be like this:

Cisco 2911 - 3 subnets 192.168.1.0 - 3.0 and 4.0 - no NAT here.

The ASA's interface with IP 192.168.4.1 should be the default route for the Cisco 2911 router? While the ASA's other interface is connecting directly to the Internet? And a NAT between these interfaces?

Accepted Solution

Yeah..... you are correct....

You should ensure that you get the traffic routed from the LAN to hit the ASA inside interface.... In the ASA you can do PAT/NAT for the internet access......

Regards

Karthik

New Member

Ok thanks, I'll do that. Appreciated.
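The arrangement agreed on in this thread, written out as an added configuration sketch that is not from any poster: NAT is removed from the 2911, its default route points at 192.168.4.1, and the ASA becomes the single PAT point. Interface names, the router's transit address 192.168.4.2, the 203.0.113.x outside addressing, ACL 1 and the shape of the old router NAT rule are assumptions; the ASA syntax is for software 8.3 or later.

```cisco
! ===== Cisco 2911 (IOS): routing only, no NAT =====
! Interface names, ACL 1 and the old overload rule are assumed placeholders.
interface GigabitEthernet0/0
 description Transit link to ASA inside (192.168.4.0/24)
 ip address 192.168.4.2 255.255.255.0
 no ip nat outside
interface GigabitEthernet0/1
 description LAN 192.168.1.0/24
 no ip nat inside
interface GigabitEthernet0/2
 description LAN 192.168.3.0/24
 no ip nat inside
! Remove the old PAT rule (assumed form) so the router forwards untranslated.
no ip nat inside source list 1 interface GigabitEthernet0/0 overload
! Default route to the ASA inside interface, as discussed in the thread.
ip route 0.0.0.0 0.0.0.0 192.168.4.1
!
! ===== Cisco ASA 5512 (8.3+ syntax): the only NAT/PAT point =====
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.4.1 255.255.255.0
! Default route to the ISP gateway (placeholder address).
route outside 0.0.0.0 0.0.0.0 203.0.113.1
! Return routes: these subnets sit behind the router, not on the ASA.
route inside 192.168.1.0 255.255.255.0 192.168.4.2
route inside 192.168.3.0 255.255.255.0 192.168.4.2
! PAT each internal subnet to the outside interface address.
object network LAN-1
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network LAN-3
 subnet 192.168.3.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network LAN-4
 subnet 192.168.4.0 255.255.255.0
 nat (inside,outside) dynamic interface
```

Without the two `route inside` lines the ASA has no path back to 192.168.1.0/24 and 192.168.3.0/24, so replies to translated traffic are dropped. `show ip nat translations` on the router should then be empty and `show xlate` on the ASA should list the LAN hosts, confirming a single translation point.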
