NAT needed reaching ASA 5505?

Discussion in 'Cisco' started by Tim Roelands, Oct 26, 2008.

  1. Tim Roelands

    Tim Roelands Guest

    Hi,

    I'm a kind of a Cisco newbie and like to see some questions answered I do
    not understand...

    Situation;

    Using an Linksys router controlling my internetconnection (static IP).
    Behind this Linksys router my Cisco ASA 5505 appears. The question is: to
    setup a VPN remote connection is it required to forward some kind of port
    (NAT) in my Linksys to reach the Cisco when trying to connect from the
    internet with a VPN client? I'm doubt the software can reach the Cisco for
    authentication because it is blocked by my Linksys. On the other hand, I do
    need my Linksys to setup my internet connection...If anyone can help, would
    be great!
     
    Tim Roelands, Oct 26, 2008
    #1
    1. Advertisements


  2. Having your linksys up ahead of the ASA really limits the ASA, as
    you're going to be duplicating everything inbound on the Linksys, and
    then the ASA. Certain things will also be broken.

    I'd investigate options to remove the Linksys device, whatever it may
    be (you don't detail what it actually is, Linksys makes a few
    different types of routers), or to bypass its NAT functions somehow
    with your upstream (ie. buying more routed IPs, etc).

    If its possibly, you'd need to have the linksys router forward all
    IPSec protocol packets (not just ports, but actually protocol) as well
    as UDP port 500. Also, your VPN option will need to have NAT-T turned
    on on both sides (ie. server and client).
     
    Doug McIntyre, Oct 26, 2008
    #2
    1. Advertisements

  3. Tim Roelands

    Tim Roelands Guest

    Well...that makes it more complex then I expected..... :(....My linksys is
    an RV042 and my ISP provides routed subnet internet, so I got more then one
    static public IP addresses.

    I found out that port 0 on my Cisco manages the outside area, so the
    internet side. Would be create if I could use port 0 to connect direct to my
    routed subnet modem, but I can't....the Linksys must be installed between,
    else there is no go...

    Can you give me an advice about using a good router witch can handle routed
    subnet internet with an straight throughput, not interfairing with my Cisco?
     
    Tim Roelands, Oct 26, 2008
    #3
  4. Tim Roelands

    Tim Roelands Guest

    Andrew,

    Routed subnet doesn't use PPPoE...The point is that port 0 can be configured
    with a static IP (needed and configured in my Linksys), but I can't
    configure any gateway and DNS in my ASA then.....what is necessary to get it
    connected properly...Otherwise I could connect my ASA directly to my routed
    subnet modem provided by my ISP....
     
    Tim Roelands, Oct 26, 2008
    #4
  5. Tim Roelands

    Tim Roelands Guest

    Should I place my ASA 5505 in the DMZ of my Linksys router, so all
    communication will pass, without worring about some ports or protocols to be
    set to connect?
     
    Tim Roelands, Oct 29, 2008
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.