Cisco ASA 5505 and Cisco 878 Configuration

Greetings, currently I have the ASA behind the 878.

The router has an external address on the dialer interface and I have also assigned an external address to the outside interface of the ASA with the same subnet mask.

Is it possible, using just the two external addresses, to route between the firewall and the router without assigning an address to Vlan 1 on the router, or do I need a private subnet in between the two devices?


ISP - (Outside 80.1.1.1/24) Router (Inside) - (Outside 80.1.1.2 /24) ASA (Inside)

Regards
 
You will not be able to pass traffic unless you un-number the dialer to present the public IP addresses to the ASA. For this you will need more than 1 public IP address.

So, in order for this to work, you would actually assign the "public" address to vlan1. You would then go to your public interface and issue the "ip unnumbered dialer0". Assuming your public interface is dialer0, that should work.
 
I find this slightly confusing, has your ISP allocated a public /24 for your company?

The way we do it is the WAN IP is usually a single /32 address and then we allocate a public range for the customer to use on their LAN side. This is anything from a /24 to the more common /28 or /29. The LAN range is then advertised from our core.

In the above instance all you need is a /30 range, one on the router(LAN) the other on the ASA. As long as you have
ip route 0.0.0.0 0.0.0.0 dialer0 and the ISP is advertising your LAN range it will work fine.
 
You will not be able to pass traffic unless you un-number the dialer to present the public IP addresses to the ASA. For this you will need more than 1 public IP address.

So, in order for this to work, you would actually assign the "public" address to vlan1. You would then go to your public interface and issue the "ip unnumbered dialer0". Assuming your public interface is dialer0, that should work.

Indeed, that's what I'm using now, thank you for the reply though :)

I find this slightly confusing, has your ISP allocated a public /24 for your company?

The way we do it is the WAN IP is usually a single /32 address and then we allocate a public range for the customer to use on their LAN side. This is anything from a /24 to the more common /28 or /29. The LAN range is then advertised from our core.

In the above instance all you need is a /30 range, one on the router(LAN) the other on the ASA. As long as you have
ip route 0.0.0.0 0.0.0.0 dialer0 and the ISP is advertising your LAN range it will work fine.

Indeed, I would normally expect to be issued either a /30 address or a /29 address; for some reason single IP address allocations are now given with a /24 address. I was just as confused.

:)
 
Indeed, I would normally expect to be issued either a /30 address or a /29 address; for some reason single IP address allocations are now given with a /24 address. I was just as confused.

It's not unusual for this to happen, as your connection is unlikely to be point to point - I know my Telewest connection is a /24 and I've got one IP from this network. Really depends how the ISP has set up their network....
 