ASA 5505 Using Class C Address on LAN ?? Can you help.

russ
Level 1

Hi, I have a Cisco ASA 5505, running 9.2(3) / 7.3(3).

Our ISP gave us a routable Class C address (254 usable).

I would like to use these public routable addresses on the LAN (INSIDE) interface of the ASA.

Since these addresses are routable, I don't want to use NAT.

The LAN clients / servers:

Clients: (5) Windows Clients, & 1 Mail Server.

I need all LAN (Inside clients) to access internet for browsing.

I need to block all traffic coming from the Internet to Windows Clients, but allow Port 3389 (Remote Desktop), and port 25 for SMTP mail.

There is also a Site to Site VPN to another ASA 5505 (same IOS/ASDM).

What is the best way to do this? Static Identity NAT, or NAT Exemption?

I would like to avoid NAT completely, since I have the luxury of 254 routable public IP addresses.

Thanks.

1 Reply

Marvin Rhoads
Hall of Fame

You can use the addresses natively - just don't put any NAT rules in the config.

You will have to subdivide the /24 into subnets so that the ASA knows which ones to route out the Internet-facing interface and which go to the inside network.

Then just put the security policy you want into the access-list.
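
A sketch of the configuration the reply above describes, added here as an illustration and not posted by either participant. The 203.0.113.0/24 documentation range stands in for the ISP block; the /25 split, the VLAN numbers, the gateway and host addresses, and the object and ACL names are all assumptions.

```cisco
! Constructed example. 203.0.113.0/24 (documentation range) stands in for the ISP block.
! Assumed split: 203.0.113.0/25 faces the ISP, 203.0.113.128/25 is the inside LAN.
! Assumes the ISP routes 203.0.113.128/25 to the ASA outside address 203.0.113.2.
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.128
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 203.0.113.129 255.255.255.128
!
! Default route to the assumed ISP gateway.
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! No nat statements: on 8.3 and later, traffic with no matching NAT rule passes untranslated.
!
object network MAIL-SERVER
 host 203.0.113.130
object network INSIDE-LAN
 subnet 203.0.113.128 255.255.255.128
!
! Inbound policy: SMTP to the mail server, RDP to the inside subnet, everything else denied and logged.
access-list OUTSIDE-IN extended permit tcp any object MAIL-SERVER eq smtp
access-list OUTSIDE-IN extended permit tcp any object INSIDE-LAN eq 3389
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! Outbound browsing needs no ACL: inside (100) to outside (0) is permitted by default.
```

Replacing `any` in the 3389 rule with the known remote-administration source addresses narrows the RDP exposure to those hosts.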
