Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2120
Views
0
Helpful
6
Replies

Connecting Cisco ASA to ISP in bridge mode

jelenb
Level 1
Level 1

‎12-29-2021 06:39 PM - edited ‎12-29-2021 06:49 PM

Good evening everyone. I am trying to setup my home lab. 

I have ISP router (XB7-T) from Xfinity connected to Cisco ASA 5525-X network. My ISP network is  in range 192.168.1.0/24. I plugged internet cable from ISP router to Outside gigaport0/0 on my ASA router (192.168.1.254) and set up static route with next hop to 192.168.1.1 (ISP router). Than I have connected gigaport0/1 (10.0.0.254) to cisco switch, and I plugged my host to the switch. I have also set NAT from 10.0.0.0/24 network to gigaport0/0 (192.168.1.254). Finally, I have also set up DHCP on the port gigaport0/1 (range 10.0.0.100 - 10.0.0.200).

Everything worked fine, all my devices had internet connection but than I wanted to create a tunnel between my lab and AWS it did not go well. 

I decided that I will try again but this time:

1. I will put my ISP router in the bridge mode 

2. I will connect UniFI AP AC Pro Access port for Wifi

 

I am going to setup this tomorrow but I have never set up router in the bridge mode and I would be happy if you can help me out with it. I have already found how to set it up in the bridge mode, what is the WAN address from my ISP and what is WAN default gateway. 


Here are my questions. 

1. What IP address should I assigned to WAN port on my ASA firewall (is it ISP WAN address)?

2. Should I set up static router from ASA firewall to  ISP Gateway (next hop)?

3. I also have some Cisco routers (cisco 1921). Is there an advantage if I use this router? 
4. Will it be easier to setup tunnel to AWS from my home lab using bridge mode (My idea is that with this setup I won't have to double NAT everything).


First diagram shows current setup. Second shows how I imagine it with ISP router in the bridge mode.

1.png

 

 

 

 

 

 

 

 

 

 

 

3.png

 

 

 

 

 

 

 

 

 

 

 

I will greatly appreciate your advices 

0 Helpful
6 Replies 6

AjitKumar
Level 1
Level 1

‎12-29-2021 06:52 PM

Hi @jelenb 

I may be completely wrong. However let me share my understanding.

1. What IP address should I assigned to WAN port on my ASA firewall (is it ISP WAN address)? Yes

2. Should I set up static router from ASA firewall to ISP Gateway (next hop)? Yes (Default route + NAT)

3. I also have some Cisco routers (cisco 1921). Is there an advantage if I use this router? I understand we may not need this.

4. Will it be easier to setup tunnel to AWS from my home lab using bridge mode (My idea is that with this setup I won't have to double NAT everything). True

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
0 Helpful

jelenb
Level 1
Level 1
In response to AjitKumar

‎12-29-2021 06:57 PM - edited ‎12-29-2021 06:58 PM

Thank you Ajit, I think we have the same idea (let's hope it is a good one). I will be setting this over the weekend (I may start tomorrow). I hope it will all go without huge bumps. If I have some problems I will post them over here. Meanwhile, could you please expend little bit on number 2 (Default route + NAT). I am not sure if I understand right. Do you mean that I have to NAT from 10.0.0.0/24 network to 1.1.1.1 (WAN interface) and setup static route from 1.1.1.1 (WAN) to 1.1.1.2 (WAN gateway)?

0 Helpful

AjitKumar
Level 1
Level 1
In response to jelenb

‎12-29-2021 08:18 PM

Hi @jelenb 

Looks like a mistake from my end for the static route.

I understand NAT from 10.0.0.0/24 network to 1.1.1.1 (WAN interface)  should do the job.

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
0 Helpful

jelenb
Level 1
Level 1
In response to AjitKumar

‎12-30-2021 04:24 AM

Thanks for clarifying Ajit. 

Can anyone confirm that we understand the concept correct and this is the right way to set it up?

0 Helpful

jelenb
Level 1
Level 1
In response to jelenb

‎12-30-2021 06:15 PM - edited ‎12-30-2021 07:16 PM

I do not want to start a new topic so I will reply here. 

I have set up my modem in the bridge mode as I was intended to.  Now I have problem with browsing sites...

Here is the strange thing, I can ping 8.8.8.8 or google.com from my ASA, switch, and host. I can even curl google.com from everywhere, but when I try to use browser it doesn't work. 

Here are a few question that if you able to answer I maybe able to solve the problem. 
1. Once I put my modem in the bridge mode, ASA got public IP, but the public address is different than before. 

I have assigned static route from outside 0.0.0.0 to 0.0.0.0 to the old gateway, but I am not sure if the old gateway will work with the new IP address (how do I find out new WAN gateway address if I need to change it?)

 

2. There is an option in ASA (ASDM) to setup DNS (under device manager). Should I set it up or should I just set it up with DHCP on hosts? Does it have to be ISP DNS or I can use any DNS? 

3. I only NAT Inside (10.0.1.0/24) to OUTSIDE (WAN). Should I also NAT from Outside (WAN) to inside?
4. Any suggestions? Ideas? Can I provide some additional info to make it easier? 


**UPDATE - this got even more strange now ... I tried browsing from a different host, and I am able to but only certain sites. For some sites it works, for other it doesn't (most doesn't). 

 

Also, ping google.com works but ping www.google.com doesn't (it knows the IP but there is no response). 

Please help...

0 Helpful

jelenb
Level 1
Level 1
In response to jelenb

‎12-31-2021 10:48 AM

Never mind, I solved it myself... 

In act of desperation, I cleared my ASA to factory setting, started over and everything works now.

0 Helpful
Customers Also Viewed These Support Documents