cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1332
Views
0
Helpful
9
Replies

Help me configure my ASA5505

Hello guys,

Please help me to configure my ASA5505 with a router cisco 2900 series behind it. My toplogy is the following:

 

internet -> ASA5505 -> Cisco 2900 -> Switch

internet -> 10.1.1.1 -> 192.168.100.1 ->Switch

When I connect a computer behind the ASA5505 directly I have internet on it.

When I connect a computer behind the Cisco 2900 Router I don't have internet, but can ping 10.1.1.1.

 

Can you give me advice how to configure the ASA5505 that I have internet on the Cisco Router?

 

Thank you.

9 Replies 9

Rob Ingram
VIP Expert VIP Expert
VIP Expert
Hi,
So does the 2900 router have a default route pointing to the inside interface of the ASA?
Does the ASA have a route to the networks behind the router pointing to the IP address of the 2900 router?
If NAT configured for the network you are trying to access the internet from?

If you provide the configuration of the devices we can determine where the issue is.

HTH

Hey,

 

I will provide the configurations at the end of next week. The Cisco router does not have default route set, because im not sure how to add it. Inside the asa I have set the route to Cisco Router.

If the router does not have a default route set, then traffic would not be routed to the ASA. Here is an example to configure a default route on the router.

"ip route 0.0.0.0 0.0.0.0 192.168.x.x" - replace x.x with the correct IP address of the ASA's inside interace.

And my other question is - do I need that Cisco 2900

 

Can I exclude it and use only the ASA5505 as a firewall and a router?

INTERNET -> ASA5505 -> Internal Network

I expect to have about 150-200 ips on the internal network.

 

Thank you.

Hi,
Yes, you could just use the ASA, you would set the ASA's IP address as the default gateway of the computers.

HTH

And what are the disadvantages of using only ASA? Are there any? Maybe security or slowness ?

The ASA 5505 is End of life, if you have 150-200 connections behind the firewall it might impact performance.

No need to use the 2900 router.

 

You may wish to replace this firewall with the newer Firepower hardware, info here.

 

HTH

Thank you for the answers. Do you think that a Mikrotik CCR1009-7G for example can handle the job to be a good firewall and a router? Thank you again RJI.

It depends on your environment (large enterprise or small business or small home network) and what features you require. It seems more of a router than a firewall. A dedicated firewall will provide more security than a router, a firewall will also do routing.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers