02-09-2013 11:36 AM - edited 03-11-2019 05:58 PM
Hi,
I need to replace two small firewalls with an ASA. The ASA will need to support static PPPoE and dynamic PPPoE on different outside ports.
I'm looking for an example of either configuration and confirmation that the ASA can handle this setup (not load balancing or failover).
One connection is used for outbound Internet traffic and the other is used for inbound traffic to natted servers.
Thanks.
02-09-2013 11:46 AM
Hello Lcaruso,
As you know, with the ASA you can only have one active default gateway at a time (in the routing table you can have only one default route over a specific interface).
Now let's say you have a server that you would like to access on port 80 from outside using a different IP address than the one it uses with outbound packets,
I will do:
static (inside,outside) tcp interface 80 192.168.12.2 80
nat (inside) 2 192.168.2.2
global (outside) 2 4.2.2.2
In this case incoming traffic on port 80 will need to point to the outside interface.
Any other traffic initiated on the server side will look like 4.2.2.2 instead of the outside interface.
PPPoE Setup on ASA's
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080ab7ce9.shtml
02-09-2013 12:01 PM
Thanks much for the link and your example.
Not sure if I have it all down.
outside1 is the interface connected to the ASA's default gateway
outside2 is the interface for incoming server connections
local address 192.168.100.12 will be made available on port 80
ala 8.3+
object network 192.168.100.12
host 192.168.100.12
nat (inside,outside2) static interface service tcp www www
object network inside-network
subnet 192.168.100.0 255.255.255.0
nat (inside,outside1) dynamic
route outside1 0.0.0.0 0.0.0.0 foobar
Does that work?
02-09-2013 01:49 PM
Hello,
You should also have a default gateway pointing outside 2 and of course the ACL permitting the inbound traffic on Outside 2.
I have seen it working, so go ahead and try it and keep us posted.
Regards
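The two requirements raised in the last reply (a default route and an inbound ACL on the interface that publishes the server) can be checked against a saved configuration before deployment. The script below is an added example, not part of the original thread or any Cisco tool; the sample configuration, ACL name and gateway address are constructed, and it only sees static `route` lines, so a default route installed by `ip address pppoe setroute` would be reported as missing.

```python
import re

# Constructed sample config (8.3+ object NAT syntax as used in the thread);
# object names, ACL name and gateway address are made up for illustration.
SAMPLE = """\
object network web-server
 host 192.168.100.12
 nat (inside,outside2) static interface service tcp www www
object network inside-network
 subnet 192.168.100.0 255.255.255.0
 nat (inside,outside1) dynamic interface
access-list outside2_in extended permit tcp any host 192.168.100.12 eq www
access-group outside2_in in interface outside2
route outside1 0.0.0.0 0.0.0.0 198.51.100.1 1
"""

NAT_RE = re.compile(r"^\s*nat \((\S+?),(\S+?)\) static\b")
ACL_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
ROUTE_RE = re.compile(r"^route (\S+) 0\.0\.0\.0 0\.0\.0\.0 (\S+)")

def audit_inbound(config: str) -> dict:
    """Return {interface: [missing items]} for every interface that is
    the mapped (outside) side of a static NAT rule."""
    published, acl_ifs, route_ifs = set(), set(), set()
    for line in config.splitlines():
        if m := NAT_RE.match(line):
            published.add(m.group(2))      # interface exposing a server
        elif m := ACL_RE.match(line):
            acl_ifs.add(m.group(2))        # interface with an inbound ACL
        elif m := ROUTE_RE.match(line):
            route_ifs.add(m.group(1))      # interface with a default route
    findings = {}
    for ifname in sorted(published):
        missing = []
        if ifname not in acl_ifs:
            missing.append("inbound access-group")
        if ifname not in route_ifs:
            missing.append("default route")
        if missing:
            findings[ifname] = missing
    return findings

if __name__ == "__main__":
    for ifname, missing in audit_inbound(SAMPLE).items():
        print(f"{ifname}: missing {', '.join(missing)}")
```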