Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

ASA5505 instead of a router?

Verizon is activating a line for us today they call a "10 meg" or a "LAN".

They said the only requirement is a regular fastethernet interface.

Instead of using the Cisco 1841 we currently use (T1), i thought of using a clean factory default ASA 5505.

1. Will this idea of using an ASA and skipping the Router alltogether work?

2. never worked with an ASA before, what other points do i need in order to make the test work?

by test i mean getting an Internet access by connecting an internal LAN switch to one of the ASA ports and having a PC get online access.

once this test works, i will obvisouly need to recreate the various NATs and CALs i currently have on the 1841.

any advice would be appreciated.

this is what Verizon provided:

NOTICE: This Ethernet Order (MUST) be assigned a /30 Address to be used

on your WAN Side Interface. All CIDR allocations will be routed

statically or via BGP.

* Ethernet: II

* Ethertype: 0x0800 (IP), 0x0806 (ARP)

* CRC: 32-bit

* MTU: 1500 bytes

* ARP: Enabled

* Proxy ARP: Disabled

* IP WAN interface: /30 subnet


Subnet Mask:

VZ side IP:

Sample Config Ethernet: II VLAN TAGGED:

(Note the VLAN Tag will be available at the end of the install process.

We will provide it as soon as we receive it from telco.  Thanks.)

interface FastEthernet0/0

description WAN

no ip address

duplex full

speed 100

no shutdown


interface FastEthernet0/0.1

encapsulation dot1Q xxx !!(MANDATORY vlan tagging ID)

ip address x.x.x.x !!Verizon provided WAN IP

no shutdown


interface FastEthernet0/1

description LAN

ip address LAN IPs

no shutdown

duplex full

speed 100


ip route WAN IP VZ side


Hall of Fame Super Gold

ASA5505 instead of a router?

You could use an ASA5505 instead of a router and get it to work. Assuming that you will have a public address on the outside interface and a private address on the inside interface (your LAN side) the address translation that the ASA wants to do would be helpful. If your network is pretty simple with your private network as the LAN side and Verizon as the WAN side and only a single way to get in and out of your network  then the ASA is an appropriate gateway device. And the implicit security policies that it implements (security level of outside is less than security level of inside and so traffic from outside is not allowed to initiate connections to inside) may be appropriate.



CreatePlease to create content