01-23-2019 07:43 AM - edited 02-21-2020 08:41 AM
I'm trying to configure the outside interface of my 5506-x. I have a static ip from my ISP (Comcast) that I want to point to the outside interface of my ASA so that I can setup a VPN with a remote office.
Does the ASA support NATing (meaning that my comcast modem could point the external static ip to an internal ip for the ASA? Or do I need to set the static ip of the ASA to be the static ip from Comcast?)
Solved! Go to Solution.
01-23-2019 12:58 PM
if i were you i do these steps.
1. you have a public static ip adress thats a plus point
2. on your modem setup a port forwarding to you ASA.
3 from the ASA create a anyconnect configuration and when it come to use a port no. use the port no you gave it to your ASA.
4. now when from the remote side you connect to your public ip address (6.6.6.6:8443) your router will forward the port no to your ASA and than you can connect to your anyconnect module.
let me know if you need help I have a similar setup at my home lab.
01-23-2019 08:34 AM
best to have public Static IP to ASA Outside interface to minimize other issues around NAT-T
if not, you need to have static NAT from ISP router to ASA outside interface. so VPN users can connect to ASA.
example document to help :
01-23-2019 12:58 PM
if i were you i do these steps.
1. you have a public static ip adress thats a plus point
2. on your modem setup a port forwarding to you ASA.
3 from the ASA create a anyconnect configuration and when it come to use a port no. use the port no you gave it to your ASA.
4. now when from the remote side you connect to your public ip address (6.6.6.6:8443) your router will forward the port no to your ASA and than you can connect to your anyconnect module.
let me know if you need help I have a similar setup at my home lab.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide