Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1095
Views
0
Helpful
6
Replies

Cisco 2911 and ASA 5512 remove double NAT

Go to solution
khurambz1986
Level 1
Level 1

‎08-13-2014 06:33 AM - edited ‎03-07-2019 08:22 PM

Greetings,

i have 2 Subnets on Cisco 2911 router

192.168.3.0/24 and 192.168.1.0/24

3rd Network 192.168.4.0/24 is natting internal interface to modem for internet access. which creates 2 NATs (NAT in router and NAT in Modem)

i have just bought Cisco ASA 5512, any chance i can remove NAT from Cisco 2911 router and put default gateway to Cisco ASA ??

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nkarthikeyan
Level 7
Level 7
In response to khurambz1986

‎08-13-2014 10:52 AM

yeah..... you are correct....

you should ensure that you get the traffioc routed from LAN to hit the ASA inside interface.... in ASA you can do PAT/NAT for the internet access......

 

Regards

Karthik

View solution in original post

0 Helpful
6 Replies 6

Go to solution
nkarthikeyan
Level 7
Level 7

‎08-13-2014 07:18 AM

Hi,

 

If you are going to place your asa in between router and modem then you can remove that nat over interface of router and you can put that as a gateway to asa's inside interface and from ASA you can do  based on your needs.

 

Regards

Karthik

0 Helpful

Go to solution
khurambz1986
Level 1
Level 1
In response to nkarthikeyan

‎08-13-2014 08:58 AM

no, i will be removing modem as and replacing it with ASA. but i dont think Internet access will work while NAT removed on Router.

 

should i point 192.168.4.1 (ASA IP) as default route on Cisco Router? and remove NAT from it.

will NAT work on ASA ?

0 Helpful

Go to solution
nkarthikeyan
Level 7
Level 7
In response to khurambz1986

‎08-13-2014 09:16 AM

okay..... in modem you would have a option to nat only on the connected interface segment, that is why you have used interface of router to nat and  go out in internet.....

 

if you place ASA, then you will be having internet connected on outside interface.... and your LAN(router) is connected in inside interface of firewall ..... so you do not need to nat the LAN traffic in router.... instead you can add default route pointing to inside interface ip of firewall..... 

NAT/PAT you can configure on ASA with its interface / public ip stack.

Internet cloud <-->  Cisco ASA <--->router <--> LAN

 

Regards

Karthik

 

0 Helpful

Go to solution
khurambz1986
Level 1
Level 1
In response to nkarthikeyan

‎08-13-2014 09:27 AM

so in short setup should be like this

 

Cisco 2911 - 3 Subnets 192.168.1.0 - 3.0 and 4.0 - NO NAT Here.

 

ASA's Interface with IP 192.168.4.1 should be default route for Cisco 2911 Router ? while ASA's other interface is connecting directly to Internet ? and a NAT between these Interfaces ?

0 Helpful

Go to solution
nkarthikeyan
Level 7
Level 7
In response to khurambz1986

‎08-13-2014 10:52 AM

yeah..... you are correct....

you should ensure that you get the traffioc routed from LAN to hit the ASA inside interface.... in ASA you can do PAT/NAT for the internet access......

 

Regards

Karthik

0 Helpful

Go to solution
khurambz1986
Level 1
Level 1
In response to nkarthikeyan

‎08-13-2014 12:30 PM

 

Ok thanks ill do that. Appriciated

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card