asa and router

Joli Martinez · ‎10-29-2011

I would like to setup a small home network with an ASA firewall and an 871 router for testing purpose so I can get familar with the ASA commands and concepts. Is there sample config I can be pointed to?

vipinrajrc · ‎10-29-2011

Hi,

Place the 871 router to the public n/w and place the ASA behind that like internet --> router -->ASA.

ASA basically has twi interfaces one is inside and other is outside interface.

inside has a security level of 100 and outside has a security level of 0. By default inside to outside traffic is permitted.

That be default traffic from a high security interface to low security interface traffic is permitted.

If you want to any connection from outside to inside you should use access-lists to open that conenction explicitly.

In your case. default route to internet should give to the router. Then create route to internal network in the router also with the next hop IP address as the ASA's outside interface.

Please check below thread for the same

https://supportforums.cisco.com/thread/2001644

HTH. Please rate this post if it is helpful

Thanks

Vipin

Thanks and Regards, Vipin

Haris P · ‎10-29-2011

The below is a sample config

to give IP address on outside interface (x.x.x.x is the public ip on outside interface)

interface Ethernet0/0

nameif outside

security-level 0

ip address x.x.x.x 255.255.255.0

!

Define IP on inside also

interface Ethernet0/1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

For PAT configuration , all 192.168.1.0/24 network will be PATed with outside interface IP

global (outside) 1 interface

nat (inside) 1 192.168.1.0 255.255.255.0

For one to one NAT config

static (inside,outside) x.x.x.3 192.168.1.3 netmask 255.255.255.255

Giving default route

route outside 0.0.0.0 0.0.0.0 212.76.69.1 1

Regards

Haris P