07-02-2017 02:24 PM - edited 03-05-2019 08:47 AM
Hello All,
Our edge currently consists of a Cisco ASA 5512-X and a Cisco ISR 1941. Our primary ISP is CenturyLink and we have Metro E through them as well as our primary internet connection. With our internet subscription they assigned us a point-to-point address that is assigned to the Cisco ISR 1941 and two blocks of public IP addresses, one of which is configured on the inside interface of the ISR 1941. This was set up by a vendor before my time. What I am looking to do is take the 1941 out of the picture and assign the point-to-point address right to the outside interface of the ASA. If my understanding is correct, proxy ARP should reply to the addresses in the two IP blocks if there is a corresponding NAT rule made. Is that a correct assumption? Is there any special configuration that is necessary?
I would really like to eliminate this device because as far as I can tell it has no need to be there. I am looking to confirm that theory. We do not have BGP or anything special like that either.
Any help is greatly appreciated!
07-02-2017 03:18 PM
Hi
You are right, you can remove the router and move all the configuration to the firewall: NAT, default route, etc. As far as I know you don't need any special NAT configuration because the ISP is providing the 2 blocks over the same VLAN at its end. One subnet is the primary and the second one is configured as secondary under the same VLAN on the ISP side.
The NAT configured on the ASA will have communication to both blocks as the NAT IP (public) is part of the networks under the ISP VLAN.
Hope it is useful
:-)
07-02-2017 07:04 PM
That is the answer I was looking for. So I will apply the point-to-point address to the outside interface of the ASA, then remove my old default route that was from one of my blocks pointing to the inside interface of the 1941. Then add the default route to the ISP router.
In theory all of my existing rules should function, is that correct? Right now all of the NAT is done on the firewall and all the 1941 does is use one default route to the ISP. It's basically useless!
07-02-2017 08:31 PM
All the rules should work, but take into consideration that you need to create the default route on the firewall through the outside interface and create a NAT to specify which subnets are going to have access to the Internet.
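The cut-over discussed in this thread, written out as an added ASA (8.3+ NAT syntax) configuration example; this is not the poster's or the ISP's actual config. All addresses are assumed RFC 5737 documentation ranges: ISP point-to-point 198.51.100.0/30 (ISP side .1, ASA side .2), public blocks 203.0.113.0/28 and 203.0.113.16/28, inside network 10.0.0.0/24, and a hypothetical server 10.0.0.10.

```cisco
! Added example, not from the thread. Assumed/placeholder addresses throughout.
!
! Outside interface now carries the point-to-point address that used to sit
! on the ISR 1941, instead of an address from one of the public blocks.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
! Default route points at the ISP end of the point-to-point link, replacing
! the old route that pointed at the 1941's inside interface.
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
!
! Static NAT for one server. The mapped address comes from a public block that
! is NOT on the outside interface subnet; the ASA still answers ARP (proxy ARP)
! for it on the outside interface by default, which is what lets the ISP VLAN
! reach the block. If the ISP instead routes the block to 198.51.100.2, append
! "no-proxy-arp" to the nat line so the ASA does not claim the address.
object network WEB_SERVER
 host 10.0.0.10
 nat (inside,outside) static 203.0.113.10
!
! Dynamic PAT for general Internet access from the inside network, hiding
! behind one address from the second block (an inline host address here is
! many-to-one PAT). Without this, inside hosts have no translation and no
! Internet access, as the last reply points out.
object network INSIDE_NET
 subnet 10.0.0.0 255.255.255.0
 nat (inside,outside) dynamic 203.0.113.17
!
! Only the published service is allowed inbound; on 8.3+ the ACL references
! the real (untranslated) address.
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.10 eq 443
access-group OUTSIDE_IN in interface outside
!
! Verification after the change:
!   show nat detail      -> translation hit counts for both rules
!   show route           -> default route via 198.51.100.1 on outside
!   show arp             -> ISP gateway MAC learned on outside
```

Before pulling the 1941, confirm with the ISP whether the two blocks are secondaries on the same VLAN (proxy ARP needed, the default above) or are statically routed to the point-to-point address (proxy ARP unnecessary); the NAT rules are identical either way.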