Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ISA 570w perform Inline mode?

Hi all

I have a question about Cisco ISA 570w. Can its function operate Inline mode?

6 REPLIES

Re: ISA 570w perform Inline mode?

I'm not sure I understand what you mean by inline mode. Would you mind expanding further on your desired result?

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Community Member

Re: ISA 570w perform Inline mode?

Hi Shawn

I want my ISA firewall was placed between ADSL router and my computer and perform to filter traffic to go out internet.

But it seem the packet go out to internet it has to NAT from ISA before it goes out internet

Re: ISA 570w perform Inline mode?

I see what you're saying now.  Ultimately there's two ways to accomplish this.  The ideal method would be to change your DSL router to Bridge Mode and let your ISA handle everything.  Alternatively, you can change the ISA to Routing Mode by going to Networking -> Routing -> Routing Mode and set WAN/LAN Routing Mode Enable to ON.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Community Member

Re: ISA 570w perform Inline mode?

I have enabled WAN/LAN routing mode to ON but unfortunately I can't ping to 8.8.8.8 and access internet. But I can ping to ADSL router IP.

I checked the routing table is default and I saw the routing to internet was routed to ADSL router IP. I added firewall policy any-any at LAN to WAN zone and WAN to LAN zone.

I have to configure anything else?

Re: ISA 570w perform Inline mode?

More than likely the reason that you can't ping past the ADSL router is because it's assigning a private ip (i.e. 192.168.1.x) to your ISA WAN interface and your ISA is assigning a private ip (i.e. 192.168.75.x) to your systems.  However your ADSL router is only NAT/PAT 192.168.1.x.  Is it possible, in your ADSL router, to tell it to also NAT/PAT IPs from your ISA LAN subnet?

You shouldn't have needed to added either of those Any-Any statements in the firewall policy.

As I mentioned previously, this would all be a lot easier if you just bridged your ADSL router and let the ISA do all the work.  If you can tell me the make and model of your ADSL router, I can probably find the instructions to bridge it.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Community Member

Re: ISA 570w perform Inline mode?

Thank you for your suggestion

I'll try

Sent from Cisco Technical Support iPhone App

876
Views
5
Helpful
6
Replies
CreatePlease to create content