Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Link on ASA directly

Hi,

I got my internet link on ethernet.I need to terminate the this to my ASA 5510.

Question:

Will i be able to go to internet??

Do i need to define name -server (i.e the DNS by isp) to my firewall?for router it used to be like this ip name-server 202.x.x.x.Is it the same in ASA?

If i am having only one public ip that too on my outside interface then how should I PAT?

Can somebody provide me Access-list scenarios in this case as well.I am doing ASA for first time.know access-list in router.As far as firewall is concerned I worked on checkpoint and fortigate GUI.How to customize the services.What does fixup do?????

Thanks in advance...

Reg,

Sushil

  • Other Security Subjects
3 REPLIES
New Member

Re: Link on ASA directly

Any answer on this?

Reg,

Sushil

New Member

Re: Link on ASA directly

What do you mean Internet on Ethernet?

Do you mean that you will have a public IP address available that can be used to configure the outside interface of the ASA.

If yes, then you have nothing to worry about.

Set the inside interface to the Private IP address of your LAN and use PAT for traffic

global (outside) 1 interface

nat (inside) 1 192.x.x.x 255.255.255.0 (private LAN subnet)

You can use static Rules and access lists to re-direct incoming traffic like SMTP or OWA to specific servers

static (inside,outside) tcp interface https host 192.x.x.x https

static (inside,outside) tcp interface smtp host 192.x.x.x smtp

Access List and Group commands as required. Note that the masks work differently as those on routers.

The fixup commands were used on the old PIX models. The ASA uses inspection policies and are already setup for most common traffic scenarios.

The ASA also has a GUI interface ASDM which makes it much easier to configure the ASA.

A link to a helpful document is below:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

Good Luck

Bosco

Gold

Re: Link on ASA directly

sounds like his ISP is handing off an standard ethernet connection (perhaps a 10mbps?)...

you should be able to plug that in directly...

if their connection is coming from a switch, you can use a standard straight through cable, if it's coming from a router, you will probably need a x-over cable.

107
Views
0
Helpful
3
Replies
This widget could not be displayed.