Network upgrade: ASA 5505 configuration


I need to do some IP address rearanging on my Cisco ASA 5505 as I am currently not using NAT and I want to get it to a configuration where my external IP addresses are on the outside interface, and I can use static NAT to map specific internal IP addresses to public IP addresses.

I have a couple of questions:

- Should this be possible using the ASA 5505, and a Cisco 837 on the outside network IP address block also?

- Does anyone have the default configuration file from the ASA 5505 as shipped from Cisco? I think I can get the firewall back to default state, but want to edit the file manually on my PC first.

- When I got the unit, I think I didn't have a license for a DMZ IP segment. I had a lot of material with the unit, but couldn't remember off hand whether I could get a free DMZ license from Cisco. Does anyone know if this is possible? The packaging is not here at the moment, but I will find it and try to recover the license if there is one.

Thanks. Andrew.

Reply to
Andrew Hodgson
Loading thread data ...


yes. will it work ? no depending upon your router config ... you can not have same IP subnet located twice or in two places in the same internetwork.

formatting link

Show version will tell you what your license type is. you need Security plus, for full DMZ. With Base lic you DMZ can not make connection inbound

HTH Martin

Reply to

This is what I was thinking of doing:

Router: interface Ethernet0 ip address xx.xx.xx.209

interface Dialer0 ip address negotiated (receives WAN static)


interface vlan2 nameif outside security-level 0 ip address xx.xx.xx.210

interface vlan1 nameif inside ip address security-level 100

global (outside) 1 interface global (outside) 2 xx.xx.xx.11-xx.xx.xx.222 netmask nat (inside) 1 0 0

route outside xx.xx.xx.209 1 (can this go in the outside interface definition?) access-group outside_access_in in interface outside

access-list outside_access_in extended permit tcp any host eq 25

static (inside,outside) xx.xx.xx.211 netmask

What I want to achieve with this is the following:

- All outgoing connections from anything on is presented to the outside on xx.xx.xx.209.

- I have some server on which I want presenting to the outside world on xx.xx.xx.211.

- I want people to connect to the IP address xx.xx.xx.211 on port 25 and they will be connected to this server.

Will this do it?

Thanks. Andrew.

Reply to
Andrew Hodgson Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.