Cisco Support Community
New Member

Is it possible to bridge our external network to an internal interface?

We are planning on buying one of Cisco's appliance solutions (the ASA 55xx series) and would like to know if it's possible to bridge our RIPE-assigned external IP range to be used on an internal interface?

Our business demands that we can continue to use the same server IPs as we have today (they are hardcoded in some of our industrial applications) behind the ASA.

If this is possible, do you have any suggestions on where to look to find examples for setting this up (we have searched, but found nothing)?

Best regards,

Ann-Marie

Digital Information AB

Sweden

3 REPLIES
Silver

Re: Is it possible to bridge our external network to an internal

You can achieve your goal through NAT. The reason is that the security appliance uses proxy ARP to answer any requests for mapped addresses, and thus intercepts traffic destined for a real address. This solution simplifies routing, because the security appliance does not have to be the gateway for any additional networks.

New Member

Re: Is it possible to bridge our external network to an internal

But if I do not wish to use NAT? I would just like to subnet our network into 4 subnets and use each subnet on one of the interfaces. Then I can assign different security levels and traffic policies to each subnet, without having to use NAT. Or?

Best regards,

Ann-Marie

Gold

Re: Is it possible to bridge our external network to an internal

Yes, but no, and what do you really want to do with it? The answer to this question commands what you can do with the firewall.

I.e., do you want to be able to terminate VPN?

If yes, then forget about Stealth mode, which is used for bridging and so on.

But yes, of course you can pass the firewall without using NAT (or rather NATing the addresses to themselves). However, I would recommend against using it that way.

You actually lose great functionality. And you will lose a little bit more than 1/4th of your outside network.

IMHO it's better to change the license key IP to an RFC 1918 address.

Regards

Torbjörn
