ASA behind border router – NAT help

[boeckelr]

#155473

Hi everyone…I havent posted here in a while…I tried posting this in the Cisco Router and Switch forum but it wouldnt let me…if it somehow shows up as a double post, this is the reason why.

Anyway I have what is probably a simple question for you Cisco gurus.

I have a Cisco 871 router that I want to set up as a border router with a Cisco ASA 5505 behind it.

I have a cable modem that gives me a dynamic ip…so the 871’s outside interface will get its ip address via DHCP.

I would like to have the 871’s inside address as 10.0.0.1 and the ASA’s outside interface as 10.0.0.2. Finally, I would like the ASA’s inside Vlan to be 192.168.1.0/24.

Obviously I want the border router to just pass traffic….but I will be putting ingress and egress filters on it. The ASA will do all other security.

I found an article describing how to do this here: http://snipurl.com/20p8mh

It says to do the following: For outbound communication (Internal LAN towards the Internet), do not translate the network 192.168.1.0/24 on the Cisco ASA. Rather create a static mapping of 192.168.1.0 to itself (will see this below) and configure NAT overload on the Cisco Router for the network 192.168.1.0/24.

Does this make sense? Can you do NAT overload (on the border router) for a network that is coming off of the ASA? And what does making a static map of 192.168.1.0/24 to itself do?

Are there any other (easier or more logical) ways to do this?

Anyway thanks in advance for your help…
Mike

[Author]

Posts