Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA5505 settings

Hi,

I'm trying to setup an ASA5505. At the moment I'm trying to have a DSL connection with an static IP till I get my leased cct. However the internet IP range the ISP has given me is not in the same subnet as the DSL IP. I tried switching setting the DSL router in to bridge mode, but then it shuts the internet connection all to gether.

I'm running out of options of how to set up the outgoin port of the ASA5005 to internet via DSL. Can someone put me in the right direction please.

Thanks in advance.

Anuradha.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: ASA5505 settings

What are the capabilities of the DSL terminiation point ? If the DSL device has the ability to NAT RFC1918's/private IP's then you can have one private subnet behind firewall and one in front... DSL--->crossover>---outside firewall IP's 192.169.1.0/24 --- Inside firewall IP's 192.168.2.0/24. IPsec/vpn establishment through the firewall shouldnt be an issue depending on the ACL's/rule sets you have built. This depends on the type of DSL connection/DSL equipment.

10 REPLIES
New Member

Re: ASA5505 settings

What mode are you using the firewall in ...transparent or routed mode ?

New Member

Re: ASA5505 settings

When I put the firewall in to Transparent mode (Zyxel DSL router) it doesn't talk to internet at all. So I really don't have a option other than going with routed option.

New Member

Re: ASA5505 settings

Well if you hook the management port up to the routable DLS network you can manage it in transparent mode.

hope this helps

New Member

Re: ASA5505 settings

Sorry I didn't get you there. DSL router is having only a single IP. So it's ethernet ports are on privet IP range.

My problem is how would I terminate my VPNs if I use private IPs between the ASA and the DSL ethernet.

Thanks a lot for your input.

New Member

Re: ASA5505 settings

What are the capabilities of the DSL terminiation point ? If the DSL device has the ability to NAT RFC1918's/private IP's then you can have one private subnet behind firewall and one in front... DSL--->crossover>---outside firewall IP's 192.169.1.0/24 --- Inside firewall IP's 192.168.2.0/24. IPsec/vpn establishment through the firewall shouldnt be an issue depending on the ACL's/rule sets you have built. This depends on the type of DSL connection/DSL equipment.

New Member

Re: ASA5505 settings

Thanks Jim,

It's just a Zyxel DSL router which does basic NAT and firwall. I will try your recomandation. Once again thanks a lot.

Anuradha.

New Member

Re: ASA5505 settings

No problem :) please let me know if you run into any snags I am not to familiar with the Zyxel DSL router

-Jim

New Member

Re: ASA5505 settings

Can you terminate L2L in the scenario you describe above? I have always that you needed to utilize a static "public" addresses for this. For the question listed by the poster I would suggest setting your DSL router to transparent mode and then do the PPPoE authentication on the ASA so the ASA has a static address on it.

However I am interested in discussing the pros and cons of this method vs leaving it nat'ed.

New Member

Re: ASA5505 settings

Hi,

I changed my job before finalising this issue. At new place I hardly deal with FW stuff. It's mainly routing and switching.

Thanks for your comments.

Anuradha.

New Member

Re: ASA5505 settings

Thats no problem ... I was just wondering how you were doing with the asa.

313
Views
0
Helpful
10
Replies
CreatePlease login to create content