HI. Ill be doing an install of a T1 to a 2811, then to a ASA5505. Usually Ive done 5505's behind dsl or cable and let the 5505 NAT. But Im assuming Ill be getting a /30 address from the circuit provider, giving me 1 address. This is probably a simple question, but it seems like the 2811 will NAT, the inside interface will be private, then the ASA will provide DHCP for the LAN.
Im just not sure how to config the ASA with all interfaces being private. if someone has a sample config that would be great! Thank you.
/30 usually is between ISP router and your edge L3 device (firewall or router), ISP should provide you another subnet to be use in your network i.e. /29 or depends on how many you request.
However, if ISP is ony assigning you a single subnet /30 which is use between their router and your edge L3 device, it's either you didn't request for additional subnet or this is the only available subnet for the service you requested (or a lousy ISP :) )
Configuring NAT with only /30 in your edge router.
- Between your router and ASA is /30 (i.e. 192.168.1.0/30)
- Inside your ASA is /24 (i.e. 192.168.2.0/24)
- From your router, route 192.168.2.0/24 to ASA
- No NAT needed in ASA
- NAT should be done in the router in which 192.168.2.0/24 is the inside ip address
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...