cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
446
Views
0
Helpful
6
Replies
Highlighted
Beginner

Cisco 2911 and ASA 5512 remove double NAT

Greetings,

i have 2 Subnets on Cisco 2911 router

192.168.3.0/24 and 192.168.1.0/24

3rd Network 192.168.4.0/24 is natting internal interface to modem for internet access. which creates 2 NATs (NAT in router and NAT in Modem)

i have just bought Cisco ASA 5512, any chance i can remove NAT from Cisco 2911 router and put default gateway to Cisco ASA ??

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Rising star

yeah..... you are correct...

yeah..... you are correct....

you should ensure that you get the traffioc routed from LAN to hit the ASA inside interface.... in ASA you can do PAT/NAT for the internet access......

 

Regards

Karthik

View solution in original post

6 REPLIES 6
Highlighted
Rising star

Hi, If you are going to place

Hi,

 

If you are going to place your asa in between router and modem then you can remove that nat over interface of router and you can put that as a gateway to asa's inside interface and from ASA you can do  based on your needs.

 

Regards

Karthik

Highlighted
Beginner

no, i will be removing modem

no, i will be removing modem as and replacing it with ASA. but i dont think Internet access will work while NAT removed on Router.

 

should i point 192.168.4.1 (ASA IP) as default route on Cisco Router? and remove NAT from it.

will NAT work on ASA ?

Highlighted
Rising star

okay..... in modem you would

okay..... in modem you would have a option to nat only on the connected interface segment, that is why you have used interface of router to nat and  go out in internet.....

 

if you place ASA, then you will be having internet connected on outside interface.... and your LAN(router) is connected in inside interface of firewall ..... so you do not need to nat the LAN traffic in router.... instead you can add default route pointing to inside interface ip of firewall..... 

NAT/PAT you can configure on ASA with its interface / public ip stack.

Internet cloud <-->  Cisco ASA <--->router <--> LAN

 

Regards

Karthik

 

Highlighted
Beginner

so in short setup should be

so in short setup should be like this

 

Cisco 2911 - 3 Subnets 192.168.1.0 - 3.0 and 4.0 - NO NAT Here.

 

ASA's Interface with IP 192.168.4.1 should be default route for Cisco 2911 Router ? while ASA's other interface is connecting directly to Internet ? and a NAT between these Interfaces ?

Highlighted
Rising star

yeah..... you are correct...

yeah..... you are correct....

you should ensure that you get the traffioc routed from LAN to hit the ASA inside interface.... in ASA you can do PAT/NAT for the internet access......

 

Regards

Karthik

View solution in original post

Highlighted
Beginner

 Ok thanks ill do that.

 

Ok thanks ill do that. Appriciated

CreatePlease to create content
Content for Community-Ad