I have an ASA firewall,i also have a Motorola router that is actually a modem and a router and an access point in the same time (3 in 1) ;however iam only intending to use the Motorola internal ports to connect to the external ASA port, when i finish the NAT rules (which translating the internal ASA network into the outside network which is 192.168.0.0/24 which is the internal network for the Motorola router) which one is the public IP address in this case?? i mean i might not be able to get to the ASA's internal IP from the Internet because it is the internal network for the Motorola...so in this case is my only public IP on the Internet in the Motorola's external IP ? which is the ISP's IP address provided???
I am really lost on this one, any help here is much appreciated.
Seems to me that your public IP address will be configured on the Motorola device. In most cases the device will probably be using DHCP to get the public IP address from the ISP and therefore the IP might sometimes change. Though naturally it might be a static public IP address as I don't know the thing is handled in your case.
If you wish to have a host/server reachable from the Internet then you would probably have to configure somekind of Static PAT (Port Forward) on the Motorola device or perhaps even Static NAT the public IP address from to the external IP of the ASA (from the network 192.168.0.0/24) so that all traffic that is allowed on the Motorola device will be forwarded to the ASA (because of the 1:1 Static NAT mapping of the IP addresses)
If you need to reach your internal network remotely and dont need to host anything directly to the public network then you might be able to set up VPN Client connection to the ASA.
If you dont know the public IP address then if its a DHCP IP address from the ISP you can always check your current public IP address through some site. I for example tend to go to www.ripe.net . It shows your current IP address on the site. Naturally there should be multiple other sites that show this information.
If your public IP address is static then the ISP probably has provided you some documentation which mentions the public IP address assigned to you when you got the Internet connection.
Also you might not need to configure NAT at all on the ASA since its not an edge device. You could simply let the internal networks of ASA and the Motorola device to communicate with their original IP addresses. This would naturally require that the Motorola device has a route for the ASA internal network on it pointing towards the external IP address of the ASA.
If possible put the Motorola into bridge mode. The ASA will then grab the public IP from the ISP. If the modem cannot do bridging then your options are in Jouni's post.
Jouni and Collin thanks for replying in such a short notice. Jouni I know my Public ISP IP and it is on DHCP so i frequently check for changes because it does change sometimes, in fact i already used services before i got the ASA i used to use services such as remote desktop connection, (forwarded port 3389 to the intended computer) i also have a webserver which i forwarded port 80 and 443 to for service, but when i got the ASA things got a little more complicated,so what you saying is from now on i will forward all these ports to one IP address which is the ASA's external IP and the ASA show take care of it?
Also for the VPN i will need to also forward the VPN port Number for instance 1723 for IPsec or some other VPN ports , i have to forward these port also on the Motorola to the external IP of the ASA and it show take care of it without further complication?
Now, if the ASA had a coxial cable port then i would've simply took out the Motorola out of the equation but, the Cable is coaxial which is connected to the back of the Motorola.