Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


ASA Question, can this be done ASA5512X

ASA Question, can this be done ASA5512X

ASA Question, can this be done ASA5512X

Customer has a range of staic wan address from their ISP which basically appear on FE0/1 of a cisco 1941- we have no access at all to this router it basically just pumps out this range over Fe0/1. It goes to their ASA 5512x port 0/0 and then port 0/1 goes into their lan. I need to connect up an HP MSR VPN router using one of the statics from their WAN range to lan to lan vpn for Avaya voice traffic only. I don't have any ASA experience and their onsite guy only has very limited ASA experience (we're having trouble getting hold of their firewall maintainer) Apart from static NAT translation, (I'd prefer to be able to make the ip address of the Wan interface on HP VPN router a static ip internet address from their range provided by the ISP) They do not want a 'dumb' wan switch between their firewall and ISP router, is there any way the ASA could be configured so that if I connect my HP VPN router to one the spare ports on the ASA I can connect this straight onto the HP VPN router and manually assign a static address from their range, I would have to get thier firewall maintainer to do thism but is this actually possible?

RE: ASA Question, can this be done ASA5512X

yeah its super easy ..

create a firewall object for the VPN device, give it the internal IP address, click on the NAT drop down that will expand the object creation box, now click automatic address translation(check box to enable nat), then drop down to static (should be the default i think), now add the translated address to be the ip address (external / global) that is in the range you want.
click advance, pick the inside and outside interfaces. click ok, click ok and click apply.

step 2: on the outside accesslist, allow the other end (from outside) to connect to the object you created in the previous step on the ports needed.

press apply/ and save
and yer done.

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close