cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

1222
Views
0
Helpful
5
Replies
CyberWolves_2
Beginner

Connecting my RVS4000 to my ASA 5505 to enable access to my servers

I’ve been using a Cisco ASA 5505 Security Plus bundle for two years now without any problems. I recently changed my ISP to Verizon FiOS (which is providing me with 25 Mb bandwidth at a fraction of the cost of my old T1) which is set up to provide 5 Static externally facing IP numbers for my email, webserver and name servers;.  The problem is the Verizon router doesn’t support my use of the ASA Appliance. Verizon recommend I purchase a business class router and use it in place of they one provided with my installation. Verizon assures me that this will work so I bought a Cisco RVS4000. I have configured it to use the primary external IP number and have internet access; however, the new router is providing NAT addressing which the ASA is in conflict with (they are both using the same NAT IP range). I'm assuming the ASA 5505 is expecting to have access to the external IP address and NOT NAT address (at least that is how I have had it configured so far). I have to admit I don’t know a lot about networking and am hoping someone can tell me how to configure the new router to provide access to the five static external “real world” IP to my Cisco ASA Firewall. I’m assuming I may need to establish another VLAN and/or do some form of bridging but I’m in over my head at this point.


Worse case I can go back to using the router that came with my new line (and has a built in firewall); but I would much rather keep using
my ASA 5505 if ta all possible.

Any assistance will be greatly appreciated@

Wolf



5 REPLIES 5
mpyhala
Rising star

Hi Wolf,

I think that the feature you are looking for is One-to-one NAT. Unfortunately this is not a feature of the RVS4000. The RV0xx series (RV016, RV042, RV082) support One-to-one NAT. See the following post for further details:

https://www.myciscocommunity.com/thread/5596;jsessionid=11A770A95DB9525BAE2D668DA569CD39.node0

Thanks fr response.  While this might do what I'm looking for; what I really think I'm trying to do is disable NAT all together and have the RVS4000 route my 5 external IP to my Firewall. When I had my previous broadband provider the router was providing the real world IP to my internal network so that if I wanted to (which I didn't because it was a huge security risk) I could have had my servers running actual IP numbers rather than NAT IP.  Thus my ASA 5505 had access to the real IP and the firewall provided all my internal NAT (including my DMZ which was logically separated from the rest of my internal network).  Is this something my RSV4000 can do?

Thanks again for replying!



Wolf,

I suspect that your T1 provider had you connected to an enterprise router for the capabilities that you had. The closest you will get with a Small Business router is One-to-one NAT, which as I stated previously the RVS4000 does not have. Why not connect the ASA 5505 directly to the ISP and forget about the second router?

That's a great question. I tried connecting the incoming line directly to my firewall (without a router in between) and while it could
access the primary IP and gateway, it could NOT access any of my other external IP. When I called Verizon they said I simply needed any business class router to route the additional outside IP to the firewall. Thus my purchase of the RVS4000 from a vendor who assured me it was able to do this. Perhaps, both Verizon and the vendor were wrong?

I recognize that I don't know a lot about routers; but it just doesn't seem like this should be all that hard to do.  However, if I can't get a router to do this then I guess I'm left with no choice but to discard my ASA Security appliance and go back to use the Verizon supplied router with its less robust and industry class "built in" firewall. I hate to do that because I have a lot invested in my Cisco products (including a lot more trust in Cisco keeping my internal network safe); but at least I might be able to get that to
work.
Thanks for trying to help.






Wolf,

It sounds like you just need a little configuration assistance with the ASA 5505. Try posting your question here:

https://supportforums.cisco.com/community/netpro/security/firewall

If this helps you, please give us an update for future reference.