I have 2 subnets on a Cisco 2911 router:
192.168.3.0/24 and 192.168.1.0/24
A 3rd network, 192.168.4.0/24, is NATting the internal interface to the modem for internet access, which creates 2 NATs (NAT in the router and NAT in the modem).
I have just bought a Cisco ASA 5512. Any chance I can remove NAT from the Cisco 2911 router and set the default gateway to the Cisco ASA?
If you are going to place your ASA in between the router and the modem, then you can remove that NAT on the router's interface and set the gateway to the ASA's inside interface, and from the ASA you can do it based on your needs.
No, I will be removing the modem and replacing it with the ASA. But I don't think Internet access will work with NAT removed on the router.
Should I point to 192.168.4.1 (ASA IP) as the default route on the Cisco router, and remove NAT from it?
Will NAT work on the ASA?
Okay... in the modem you would have an option to NAT only on the connected interface segment; that is why you have used the router's interface to NAT and go out to the internet.
If you place the ASA, then you will have the internet connected on the outside interface, and your LAN (router) is connected to the inside interface of the firewall, so you do not need to NAT the LAN traffic in the router. Instead, you can add a default route pointing to the inside interface IP of the firewall.
NAT/PAT you can configure on the ASA with its interface / public IP stack.
Internet cloud <--> Cisco ASA <--->router <--> LAN
So in short, the setup should be like this:
Cisco 2911 - 3 subnets 192.168.1.0 - 3.0 and 4.0 - NO NAT here.
The ASA's interface with IP 192.168.4.1 should be the default route for the Cisco 2911 router? While the ASA's other interface connects directly to the Internet? And a NAT between these interfaces?
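
The layout discussed in this thread, as an added configuration sketch that is not from any of the posters. It goes one step beyond the thread by adding the return routes the ASA needs for the two subnets that sit behind the router. Assumptions: the interface names, the router address 192.168.4.2, DHCP on the ASA outside interface, and the object names are all hypothetical; the ASA side uses object NAT syntax (ASA 8.3 and later).

```cisco
! ---- Cisco 2911 (IOS): no NAT, default route to the ASA ----
! Assumed: GigabitEthernet0/0 is the router port on 192.168.4.0/24
! and 192.168.4.2 is its address (neither is stated in the thread).
interface GigabitEthernet0/0
 ip address 192.168.4.2 255.255.255.0
 no ip nat outside
!
! Also remove "ip nat inside" from the LAN interfaces and delete the
! old "ip nat inside source ..." statement, then add:
ip route 0.0.0.0 0.0.0.0 192.168.4.1
!
! ---- Cisco ASA 5512 ----
! Assumed: the ISP assigns the outside address by DHCP.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.4.1 255.255.255.0
!
! Return routes: the ASA is directly connected only to 192.168.4.0/24,
! so it must be told that the other two subnets are behind the router.
route inside 192.168.1.0 255.255.255.0 192.168.4.2
route inside 192.168.3.0 255.255.255.0 192.168.4.2
!
! PAT each internal subnet to the outside interface address.
! Object names are hypothetical.
object network LAN-192-168-1
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network LAN-192-168-3
 subnet 192.168.3.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network LAN-192-168-4
 subnet 192.168.4.0 255.255.255.0
 nat (inside,outside) dynamic interface
```

Once traffic is flowing, `show route` on the ASA should list both static routes via the inside interface, and `show xlate` should show translations for hosts in all three subnets.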