ASA behind border router – NAT help

Home Forums Networking Cisco Security – PIX/ASA/VPN ASA behind border router – NAT help

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    boeckelr
    Member
    #155473

    Hi everyone…I havent posted here in a while…I tried posting this in the Cisco Router and Switch forum but it wouldnt let me…if it somehow shows up as a double post, this is the reason why.

    Anyway I have what is probably a simple question for you Cisco gurus.

    I have a Cisco 871 router that I want to set up as a border router with a Cisco ASA 5505 behind it.

    I have a cable modem that gives me a dynamic ip…so the 871’s outside interface will get its ip address via DHCP.

    I would like to have the 871’s inside address as 10.0.0.1 and the ASA’s outside interface as 10.0.0.2. Finally, I would like the ASA’s inside Vlan to be 192.168.1.0/24.

    Obviously I want the border router to just pass traffic….but I will be putting ingress and egress filters on it. The ASA will do all other security.

    I found an article describing how to do this here: http://snipurl.com/20p8mh

    It says to do the following: For outbound communication (Internal LAN towards the Internet), do not translate the network 192.168.1.0/24 on the Cisco ASA. Rather create a static mapping of 192.168.1.0 to itself (will see this below) and configure NAT overload on the Cisco Router for the network 192.168.1.0/24.

    Does this make sense? Can you do NAT overload (on the border router) for a network that is coming off of the ASA? And what does making a static map of 192.168.1.0/24 to itself do?

    Are there any other (easier or more logical) ways to do this?

    Anyway thanks in advance for your help…
    Mike

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.