Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
570
Views
0
Helpful
1
Replies

Setting up NAT with firewall behind router

matthew.norman
Level 1
Level 1

‎08-19-2016 04:25 AM - edited ‎03-05-2019 04:31 AM

Hello all,

I am just learning the basics of ASA configuration.

I have seen many people state that it is better to have the ASA sit behind a router instead of on the edge.

In this scenario, would I configure NAT to access the internet on the ASA or would I do it on the edge router?

I am also looking to set up a site to site VPN tunnel usinf IPSec over GRE. Would this be done on the ASA or the router in this setup.

So far I have learn't to do the above on routers. They seem fairly straight forward to configure on the ASA I am just not sure how it is affected by having a router after the firewall.

Appreciate any advice.

Matt

Labels:
0 Helpful
1 Reply 1

Francesco Molino
VIP Alumni
VIP Alumni

‎08-19-2016 06:34 AM

Hi

You can do both designs. I mean :

  1. You can have NAT and VPN on ASA while your router is connected with ASA with private IPs. In that case all natting are managed on ASA.
  2. You can also have NAT and VPN termination on router behind ASA but it will require Public IP to Router as well.
  3. You can also have the router facing internet and ASA as internal firewall. NAT will be done on router as well as VPN termination

The most common use case is using design 1 or 2 on small and medium networks.

Hope this answer your question.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card