Customer has a range of staic wan address from their ISP which basically appear on FE0/1 of a cisco 1941- we have no access at all to this router it basically just pumps out this range over Fe0/1. It goes to their ASA 5512x port 0/0 and then port 0/1 goes into their lan. I need to connect up an HP MSR VPN router using one of the statics from their WAN range to lan to lan vpn for Avaya voice traffic only. I don't have any ASA experience and their onsite guy only has very limited ASA experience (we're having trouble getting hold of their firewall maintainer) Apart from static NAT translation, (I'd prefer to be able to make the ip address of the Wan interface on HP VPN router a static ip internet address from their range provided by the ISP) They do not want a 'dumb' wan switch between their firewall and ISP router, is there any way the ASA could be configured so that if I connect my HP VPN router to one the spare ports on the ASA I can connect this straight onto the HP VPN router and manually assign a static address from their range, I would have to get thier firewall maintainer to do thism but is this actually possible?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
ASA Question, can this be done ASA5512X
- Thread starter tdmneil
- Start date
imbadatthis
Technical User
yeah its super easy ..
create a firewall object for the VPN device, give it the internal IP address, click on the NAT drop down that will expand the object creation box, now click automatic address translation(check box to enable nat), then drop down to static (should be the default i think), now add the translated address to be the ip address (external / global) that is in the range you want.
click advance, pick the inside and outside interfaces. click ok, click ok and click apply.
step 2: on the outside accesslist, allow the other end (from outside) to connect to the object you created in the previous step on the ports needed.
press apply/ and save
and yer done.
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
create a firewall object for the VPN device, give it the internal IP address, click on the NAT drop down that will expand the object creation box, now click automatic address translation(check box to enable nat), then drop down to static (should be the default i think), now add the translated address to be the ip address (external / global) that is in the range you want.
click advance, pick the inside and outside interfaces. click ok, click ok and click apply.
step 2: on the outside accesslist, allow the other end (from outside) to connect to the object you created in the previous step on the ports needed.
press apply/ and save
and yer done.
We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
- Status
Similar threads