Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
341
Views
0
Helpful
1
Replies

Move ASA to the edge

jgauthier
Level 1
Level 1

‎02-04-2011 01:01 PM - edited ‎03-07-2019 12:36 AM

All,

   I am attempting take a a set up where I have Internet->Router->ASA->Internal to just Internet->ASA->Internal.  I've attached a drawing.

My router is using an IP address on its interface that is assigned by the ISP.  (Not an IP assigned to my site)

Then, I have a block of addresses.  I assign these to the router, and outside interface of the ASA.

I would like to switch things so my firewall is on the edge.  However, I am wondering how I would do that considering I need to supply, essentially, two IPs to the "outside".  One will be the ISP assigned one, and one will be my real outside address.  VLANing is not an issue here, as the ASA is already VLANd quite a bit.  I'm just not sure how to apply this configuration.

Any points or hints would be great.  I have attempted a psuedo config by creating another VLAN'd interface.  I assigned it to an "ISP assigned" address, and put a machine on the other end.   While I can hit physical system on the outside network, anything inside the network through NAT is non-responsive.

Thanks!

(None of those IPs are real, in the drawing)

Labels:
Preview file
79 KB
0 Helpful
1 Reply 1

hobbe
Level 7
Level 7

‎02-05-2011 04:53 AM

Hi

well you have not given enough information on what you are doing with the traffic and how it flows so that we can help out properly.

However there are a couple of things that I might think could work without to much trouble

First do you do anything with the router exept routing ?

If you are not doing anything else but routing then just call the isp and tellthem what you want to do and ask them to use the interface facing the firewalls ip address to their router instead of the address they are using that now faces the router.

That way you will have to change nothing and will most likely its their address space you are using anyway.

So that should be no biggie.

The only problem with that could be that they are leaving a non ethernet cabel that attaches to the router and the firewall can not use that.

Good luck

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card