11-11-2011 05:56 AM - edited 03-11-2019 02:49 PM
Hello, I have a cable modem internet connection and my cable modem is connected to an ASA 5505. The inside interface of the ASA has an IP address of 192.168.2.2 and is connected to a Linksys router's internet port which has an IP address of 192.168.2.1. The Linksys router then has a local area network of 192.168.1.0 and all my clients are on that network. Everything is working fine except in my ASA logs all the traffic shows up as the router's external address which is 192.168.2.1. I would like to see the 192.168.1.x address of the clients in the ASA firewall. I've tried making some changes to the Linksys router but that hasn't resolved it. Are there any changes I can make on the ASA to get this to work? Below is some of the config:
ASA Version 8.2(5)
!
hostname djchristasa
enable password k7X9tTHKoCUET/3Z encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.2.2 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
I didn't post ACLs and some other things. Please let me know if you need more.
Thanks,
Dave
11-11-2011 06:20 AM
Hi,
If your Linksys is doing NAT, that is normal. Is there a way to disable NAT on such routers? I don't know, but you should ask in the small business section and maybe they will tell you how to do it if it's possible.
Regards.
Alain.
11-11-2011 06:33 AM
The Linksys is doing NAT. When I disable the NAT on the Linksys router I lose my internet connection.
11-13-2011 06:54 PM
Dave
The Linksys doing NAT is the reason why the ASA sees all the traffic as having source address as 192.168.2.1. The only way for the ASA to see the original 192.168.1.x address is to change the Linksys to not do NAT.
One thing that I notice is that there is not a route statement in what you posted for the 192.168.1.0 network. It is not clear whether the route does exist and you did not post it or whether the route does not exist. But if it does not exist it would certainly be a reason why you lose Internet connectivity when you change the Linksys to not perform NAT. (The ASA would have no knowledge of how to forward to the network and would drop all the traffic.) Try adding the route to the ASA and changing the Linksys to not perform NAT and let us know if it works.
HTH
Rick
11-13-2011 07:52 PM
Hi Dave,
In the Linksys router there is an option where we can select the router mode. By default, gateway is the mode. Make it router, and configure a default route to the ASA's inside IP address. Also put a route in the ASA to route to the LAN network. You can configure it as below.
route inside 192.168.1.0 255.255.255.0 192.168.2.1
I hope this will work.
Thanks
Vipin
11-14-2011 03:55 AM
I had my route in ASA going to 192.168.1.1 instead of 2.1. I then turned off NAT on router and everything works correctly. Thanks for help.
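An offline check for the mistake described in this post, as an added example that is not part of the original thread: it parses the `nameif`/`ip address` and `route` lines of an ASA 8.2-style config and flags any static route whose next hop is not on the subnet directly connected to the named interface. The function names and the sample config are constructed for illustration; the sample reuses the inside interface address and the two next hops mentioned in the thread.

```python
import ipaddress
import re

# Constructed sample: the inside interface from the thread's config plus two
# candidate routes (the mistaken next hop and the corrected one).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.2.2 255.255.255.0
route inside 192.168.1.0 255.255.255.0 192.168.1.1
route inside 192.168.1.0 255.255.255.0 192.168.2.1
"""

def parse_interfaces(config):
    """Map nameif -> connected IPv4 network from 'interface' stanzas."""
    nets, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            name = None  # new stanza: forget the previous nameif
        m = re.match(r"nameif (\S+)$", line)
        if m:
            name = m.group(1)
        # DHCP-addressed interfaces ("ip address dhcp setroute") are skipped.
        m = re.match(r"ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)", line)
        if m and name:
            nets[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return nets

def check_routes(config):
    """Return (route_line, ok, reason) for every static route in the config."""
    nets = parse_interfaces(config)
    results = []
    for line in config.splitlines():
        m = re.match(r"\s*route (\S+) (\S+) (\S+) (\S+)", line)
        if not m:
            continue
        ifname, _dest, _mask, gw = m.groups()
        net = nets.get(ifname)
        if net is None:
            results.append((line.strip(), False, f"no addressed interface named {ifname}"))
        elif ipaddress.ip_address(gw) not in net:
            results.append((line.strip(), False, f"next hop {gw} is not on {net}"))
        else:
            results.append((line.strip(), True, f"next hop {gw} is on {net}"))
    return results

if __name__ == "__main__":
    for route, ok, reason in check_routes(SAMPLE_CONFIG):
        print("OK  " if ok else "BAD ", route, "-", reason)
```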
11-15-2011 05:36 AM
Dave
Thanks for posting back to the forum to indicate that you have solved the problem. I am glad that my suggestion pointed you toward the solution. Thank you for using the rating system to indicate that the question was answered (and thanks for the points). It makes the forum more useful when people can read about an issue and can know that a solution will be in the thread. Your marking has contributed to this process.
HTH
Rick