
Port passthrough on 5520

georgiapb78
Level 1

On a Cisco 5520 firewall, how could you take a public WAN connection and pass it to another firewall behind the 5520 without using NAT? How could you put a single port on the 5520 into transparent or passthrough mode, much like you can on a broadband modem?

3 Replies

Julio Carvajal
VIP Alumni

Hello Ga,

Let me see if I understand: you just want to permit traffic on the firewall on xx port.

Then what you need to do is open that port using an ACL on the interface where the packet will arrive. If you have nat control enabled on the ASA, you can use a nat 0 or an identity NAT to avoid translating the devices that will receive traffic on that port.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Yes, I have a public IP address from the ISP and I want to pass all traffic from it to the WAN of a SonicWall firewall that sits on a VLAN behind the 5520.

Currently the 5520 is doing a NAT on this traffic and then sending it to the WAN of the SonicWall, which is causing stability problems when I SSL VPN into the SonicWall.

Hello Ga,

OK, so what you need to do is the NAT on the SonicWall and then just an identity NAT on the ASA; at least that's how I see it.

Let's say the internal address is 192.168.12.25 and the public IP address that the host needs to use is 1.1.1.1.

So on the SonicWall, do the NAT 192.168.12.25 to 1.1.1.1,

and then on the ASA just an identity NAT 1.1.1.1 to 1.1.1.1.

Let me know if this makes sense. I would like to know if I understand the problem you are facing.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
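
The ACL plus identity NAT described in the replies above could look like this on the ASA, as an added example that is not part of the original thread. The interface names `outside` and `dmz`, the ACL name `OUTSIDE_IN` and the object name `SONICWALL_WAN` are assumptions; 1.1.1.1 is the placeholder public address from the reply, and the ASA is assumed to already route that address toward the `dmz` interface.

```cisco
! Added example. Use ONE variant, depending on the ASA software version.
! Assumed names: interfaces "outside" and "dmz", ACL OUTSIDE_IN, object SONICWALL_WAN.
! 1.1.1.1 is the placeholder public address used in the thread.

! ---- Variant A: ASA 8.2 and earlier (the "nat-control" / "nat 0" era) ----
! Static identity NAT: real and mapped address are identical, so the packet
! is not rewritten, and connections can be initiated from either side.
static (dmz,outside) 1.1.1.1 1.1.1.1 netmask 255.255.255.255
!
! The ACL on the arriving interface still decides what reaches the SonicWall.
! "permit ip" passes everything to that address; narrow it to the services
! actually published (for example tcp eq 443 for SSL VPN) where possible.
access-list OUTSIDE_IN extended permit ip any host 1.1.1.1
access-group OUTSIDE_IN in interface outside

! ---- Variant B: ASA 8.3 and later (object NAT) ----
object network SONICWALL_WAN
 host 1.1.1.1
 nat (dmz,outside) static 1.1.1.1
!
access-list OUTSIDE_IN extended permit ip any host 1.1.1.1
access-group OUTSIDE_IN in interface outside
```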