11-03-2016 09:56 AM - edited 03-12-2019 01:29 AM
Hello all,
I have a question and I am hoping you can answer it for me.
I have a situation where I am going to have an ISR 1941 connected to an ASA 5508.
The public IP for the outside interface of the router and the ASA need to be on the same /29. This will mean my connection will have to pass through my inside interface of the Router.
I know it can be done, I just can't find the right article to show me examples.
Also I need a good article that can show me how to pass traffic from the ASA to the Router if my router will be at the border and the ASA is behind it.
11-03-2016 05:41 PM
Hi Gregory,
Could you please explain your query in a little more detail? For now, I understand that the router's outside interface will be connected to the ASA, which makes the ASA the border device; however, you are saying the opposite.
If possible, just make a rough topology and confirm your exact query.
To be honest, it does not look to be a big task, as all we need to do is to apply interface level configuration on ASA and apply some access rules to allow the traffic.
-
Pulkit
11-04-2016 02:57 AM
Yes, it is the opposite. The current environment does not have a router. It is just the firewall. We will be putting a router at the border to do DMVPN. We currently have a meshed topology through site-to-site VPNs on the ASA. While doing this transition we need to keep that ASA VPN connection up from all the remote sites, which means I have to have a public IP on both the outside interface of the router as well as the ASA. I do not have 2 separate blocks of public IPs, just a single /29. I need to place the 2 outside interfaces on the same subnet and pass the traffic through the inside interface of the router.
Internet----Router-----Firewall
11-04-2016 12:16 PM
If you have an open IP from your ISP provider and your current meshed topology is internet facing, apply an open public IP address to the router and place it in parallel to the ASA. Then you can drop a tunnel on the ASA and bring it up through the router.
Another alternative is to attach the "outside" interface of the router to the ASA and apply a static NAT using an open public IP address to leverage the protection the firewall brings.
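A sketch of the second alternative above on the ASA side, added here as an illustration and not part of any reply in this thread. All addresses, interface numbers, and the names `dmvpn`, `DMVPN-ROUTER` and `OUTSIDE-IN` are assumptions: 203.0.113.0/29 stands in for the single public /29 and 10.255.0.0/30 for a private transit link between the ASA and the router.

```cisco
! Constructed example values throughout (ASA 8.3+ object NAT syntax).
! The ASA keeps its own public address, so existing site-to-site
! tunnels terminating on the outside interface are untouched.
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
! Dedicated interface facing the router's "outside" port (assumed name).
interface GigabitEthernet1/3
 nameif dmvpn
 security-level 50
 ip address 10.255.0.1 255.255.255.252
!
! One-to-one static NAT: a spare address from the same /29 is mapped
! to the router's transit address.
object network DMVPN-ROUTER
 host 10.255.0.2
 nat (dmvpn,outside) static 203.0.113.3
!
! Permit only what the tunnels need. With the router behind NAT, IKE
! normally negotiates NAT-T, so UDP 4500 carries the encrypted traffic.
! On 8.3+ the ACL references the real (pre-NAT) host via the object.
access-list OUTSIDE-IN extended permit udp any object DMVPN-ROUTER eq isakmp
access-list OUTSIDE-IN extended permit udp any object DMVPN-ROUTER eq 4500
access-list OUTSIDE-IN extended permit esp any object DMVPN-ROUTER
!
! Only one ACL can be bound per interface and direction. If an ACL is
! already applied inbound on outside, add the three entries to it
! instead of issuing this line.
access-group OUTSIDE-IN in interface outside
```

On the router, the default route would point at 10.255.0.1, and `show xlate` and `show access-list OUTSIDE-IN` on the ASA confirm the translation and the hit counts once remote sites connect.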