1. Home
  2. Cisco Systems
  3. NAT needed reaching ASA 5505?

NAT needed reaching ASA 5505?

Hi,

I'm a kind of a Cisco newbie and like to see some questions answered I do not understand...

Situation;

Using an Linksys router controlling my internetconnection (static IP). Behind this Linksys router my Cisco ASA 5505 appears. The question is: to setup a VPN remote connection is it required to forward some kind of port (NAT) in my Linksys to reach the Cisco when trying to connect from the internet with a VPN client? I'm doubt the software can reach the Cisco for authentication because it is blocked by my Linksys. On the other hand, I do need my Linksys to setup my internet connection...If anyone can help, would be great!

Reply to
Tim Roelands
Loading thread data ...

Having your linksys up ahead of the ASA really limits the ASA, as you're going to be duplicating everything inbound on the Linksys, and then the ASA. Certain things will also be broken.

I'd investigate options to remove the Linksys device, whatever it may be (you don't detail what it actually is, Linksys makes a few different types of routers), or to bypass its NAT functions somehow with your upstream (ie. buying more routed IPs, etc).

If its possibly, you'd need to have the linksys router forward all IPSec protocol packets (not just ports, but actually protocol) as well as UDP port 500. Also, your VPN option will need to have NAT-T turned on on both sides (ie. server and client).

Reply to
Doug McIntyre

Well...that makes it more complex then I expected..... :(....My linksys is an RV042 and my ISP provides routed subnet internet, so I got more then one static public IP addresses.

I found out that port 0 on my Cisco manages the outside area, so the internet side. Would be create if I could use port 0 to connect direct to my routed subnet modem, but I can't....the Linksys must be installed between, else there is no go...

Can you give me an advice about using a good router witch can handle routed subnet internet with an straight throughput, not interfairing with my Cisco?

Reply to
Tim Roelands

Grate on the multiple static IP addresses bit...

Since that model uses an Ethernet WAN port, what is upstream of your Linksys? How is the Linksys connecting to the Internet - i.e, does it use some type of PPPOE authentication? I think you should be able to accomodate this on the ASA. BTW, the default ASA configuration puts the first ethernet port on the outside interface, and uses DHCP to obtain an IP address. It should be just a matter of changing these options in the VLAN2 interface (the outside interface).

Andrew.

Reply to
Andrew Hodgson

"Andrew Hodgson" schreef in bericht news: snipped-for-privacy@news.giganews.com...

Andrew,

Routed subnet doesn't use PPPoE...The point is that port 0 can be configured with a static IP (needed and configured in my Linksys), but I can't configure any gateway and DNS in my ASA then.....what is necessary to get it connected properly...Otherwise I could connect my ASA directly to my routed subnet modem provided by my ISP....

Reply to
Tim Roelands

I am not sure about a DNS proxy in the ASA (though it does have a DHCP server which you can give options for specifying a DNS server to). I tend to use an internal DNS server. You specify a default route, however, you don't specify it on the interface definition (well at least that is how I have mine setup):

route outside 0.0.0.0 0.0.0.0 ip.of.WAN.router 1

Andrew.

Reply to
Andrew Hodgson

"Tim Roelands" schreef in bericht news:49049e5b$0$12284$ snipped-for-privacy@news.tele.nl...

Should I place my ASA 5505 in the DMZ of my Linksys router, so all communication will pass, without worring about some ports or protocols to be set to connect?

Reply to
Tim Roelands

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.