Re: Advice on setting up an ASA5506-x

Martin · ‎02-05-2019

Hi,

My current setup is that I have a 2960S switch which links to a 897VA on a trunk link, the 897VA is setup with 6 vlans for various networks. The 897VA is also setup with ADSL connection to Plusnet via the built in VDSL controller it is also setup as DHCP server and has PAT for the various networks.

What I would like to do is to insert the 5506-x in-between the 897va and plusnet, to have the 897va to still perform DHCP for the networks and then pass any internet traffic over to the 5506-x and for that to perform any PAT translations and then talk to Plusnet directly.

The 897va does have a WAN port that can only be setup as a layer 3 port (maybe able to do sub interfaces but not tried this) and the other interfaces can only be setup as layer 2

So any ideas/diagrams/config examples would be very appreciated

Mohammed al Baqari · ‎02-05-2019

You can use ASA in transparent mode between the router and ADSL modem.
However, you need two IPs from the DHCP, one for the router and one for the
BVI interface of your transparent firewall.

BVI - DHCP IP
ADSL ------- G0/0 (ASA5506-X) G0/1 ------ (DHCP IP) 897VA

Then you can do nat on the transparent firewall but you need to have rule
to allow DHCP assignment.

Martin · ‎02-05-2019

Any examples on how I configure that?

Mohammed al Baqari · ‎02-05-2019

What I suggested is what you described. TP firewall can do PAT. Your
multiple vlans are on the inside of the router not between router and adsl

Mohammed al Baqari · ‎02-05-2019

https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/interface_complete_transparent.html#wp1321042

Martin · ‎02-05-2019

thanks for the reply, but do you have a simpler guide to follow, the cisco documentation always confuses me even for simple things

Martin · ‎02-06-2019

Is there anyway it can be done on a routed solution?