06-07-2018 08:36 AM - edited 03-05-2019 10:33 AM
Hello guys, so I have a situation that I'm trying to figure out. I have an ASA 5505 router that's behind a Hughesnet modem/router to communicate with the outside world. The issue is that both are acting like a router and DHCP server. I have tried to configure the Hughesnet modem/router in bridge mode so that it just acts like a modem, but it's still spitting out IPs and acting like a DHCP server, and I can't figure out how to turn this feature off. I saw that there is a NAT feature that you can turn off, and I'm not sure if this would help. If this doesn't help, in what way can I configure the ASA router to work with the modem/router so I can still remote in and view stuff on my inside network?
06-07-2018 11:55 AM
Well this all depends.
NAT can still be used on Hughes, and is independent of DHCP. Bridging should disable the DHCP, but you usually need to make this adjustment on the interface level.
If you can't manipulate the Hughesnet in a fashion above, then the ASA will still work, provided you gather all the necessary information. If you have only one static, the NAT on the Hughesnet will adequately perform the task of giving your VPN concentrator a global IP you can route to. If you have more than one, check to see if you can set that NAT address to the port of your ASA and leave the default NAT for all other interfaces. DHCP your uplink to the Hughesnet, then check to see if you can NAT the ASA (this will be so much easier). If you can, set up the DHCP for your internal network, NAT it to the interface linked to Hughesnet, and your routing shouldn't suffer. Configure the VPN tunnel to terminate at the uplink interface to Hughesnet, give it an IP segment of the internal network (or don't... If you use the ASA as a routing appliance it can route between the networks), and all will work.
The 5505 is a super tricky beast that I sometimes miss. You'll want it in routed mode for all of this, which requires setting it up that way or basically doing a Factory Restore if it is in "Bridge" mode.
Lots of fun. Let me know if this doesn't help.
06-07-2018 12:27 PM
Hughesnet technical support told me that if I disable the Wi-Fi frequency, it would make it act like a straight modem, but that is not true because the modem was still spitting out IPs. The modem is an HT2000w.
I use a VPN client to do the VPN, and you're saying that I need to use the WAN IP of the modem as the static IP?
06-07-2018 12:34 PM
Yes, this address is the portal address you'll need. NATing from Hughesnet to the global address on their Egress (to them). Cisco VPN uses UDP 500 and 4500 (NAT-T), so you can be certain this won't conflict with most traffic.
You'll need that static to be the VPN portal address.
06-07-2018 12:59 PM
Okay, so put the Hughesnet modem/router (HT2000w) into bridge mode; with that said, I'll leave all the settings on the Hughesnet modem/router (HT2000w) alone and concentrate on configuring the ASA for NAT.
First I will put the ASA in NAT mode and use the WAN IP (100.67.217.98) of the Hughesnet modem/router (HT2000w) as the vlan2 of the ASA, correct?
Specify the port numbers for UDP and NAT-T in the ASA?
Set the inside network of the ASA in DHCP?
06-07-2018 01:00 PM
Sorry, I meant to say I CAN'T put the Hughesnet modem/router (HT2000w) into bridge mode.