Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
0
Helpful
3
Replies

Link on ASA directly

itindia
Level 1
Level 1

‎04-14-2008 03:21 AM - edited ‎02-21-2020 01:58 AM

Hi,

I got my internet link on ethernet.I need to terminate the this to my ASA 5510.

Question:

Will i be able to go to internet??

Do i need to define name -server (i.e the DNS by isp) to my firewall?for router it used to be like this ip name-server 202.x.x.x.Is it the same in ASA?

If i am having only one public ip that too on my outside interface then how should I PAT?

Can somebody provide me Access-list scenarios in this case as well.I am doing ASA for first time.know access-list in router.As far as firewall is concerned I worked on checkpoint and fortigate GUI.How to customize the services.What does fixup do?????

Thanks in advance...

Reg,

Sushil

0 Helpful
3 Replies 3

itindia
Level 1
Level 1

‎04-14-2008 10:23 PM

Any answer on this?

Reg,

Sushil

0 Helpful

boscom
Level 1
Level 1
In response to itindia

‎04-17-2008 03:38 PM

What do you mean Internet on Ethernet?

Do you mean that you will have a public IP address available that can be used to configure the outside interface of the ASA.

If yes, then you have nothing to worry about.

Set the inside interface to the Private IP address of your LAN and use PAT for traffic

global (outside) 1 interface

nat (inside) 1 192.x.x.x 255.255.255.0 (private LAN subnet)

You can use static Rules and access lists to re-direct incoming traffic like SMTP or OWA to specific servers

static (inside,outside) tcp interface https host 192.x.x.x https

static (inside,outside) tcp interface smtp host 192.x.x.x smtp

Access List and Group commands as required. Note that the masks work differently as those on routers.

The fixup commands were used on the old PIX models. The ASA uses inspection policies and are already setup for most common traffic scenarios.

The ASA also has a GUI interface ASDM which makes it much easier to configure the ASA.

A link to a helpful document is below:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

Good Luck

Bosco

0 Helpful

srue
Level 7
Level 7
In response to boscom

‎04-18-2008 06:37 AM

sounds like his ISP is handing off an standard ethernet connection (perhaps a 10mbps?)...

you should be able to plug that in directly...

if their connection is coming from a switch, you can use a standard straight through cable, if it's coming from a router, you will probably need a x-over cable.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card