Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1295
Views
0
Helpful
2
Replies

External static ip setup for 5506-x asa

Go to solution
sp7412
Level 1
Level 1

‎01-23-2019 07:43 AM - edited ‎02-21-2020 08:41 AM

I'm trying to configure the outside interface of my 5506-x. I have a static ip from my ISP (Comcast) that I want to point to the outside interface of my ASA so that I can setup a VPN with a remote office.

 

Does the ASA support NATing (meaning that my comcast modem could point the external static ip to an internal ip for the ASA? Or do I need to set the static ip of the ASA to be the static ip from Comcast?)

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP

‎01-23-2019 12:58 PM

if i were you i do these steps.

 

1. you have a public static ip adress thats a plus point

2. on your modem setup a port forwarding to you ASA.

3 from the ASA create a anyconnect configuration and when it come to use a port no. use the port no you gave it to your ASA.

4. now when from the remote side you connect to your public ip address (6.6.6.6:8443) your router will forward the port no to your ASA and than you can connect to your anyconnect module.

 

let me know if you need help I have a similar setup at my home lab.

please do not forget to rate.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-23-2019 08:34 AM

best to have public Static IP to ASA Outside interface to minimize other issues around NAT-T

 

if not, you need to have static NAT from ISP router to ASA outside interface. so VPN users can connect to ASA.

 

example document to help :

 

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/118996-config-asa-00.html#anc8

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP

‎01-23-2019 12:58 PM

if i were you i do these steps.

 

1. you have a public static ip adress thats a plus point

2. on your modem setup a port forwarding to you ASA.

3 from the ASA create a anyconnect configuration and when it come to use a port no. use the port no you gave it to your ASA.

4. now when from the remote side you connect to your public ip address (6.6.6.6:8443) your router will forward the port no to your ASA and than you can connect to your anyconnect module.

 

let me know if you need help I have a similar setup at my home lab.

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card