Problem connecting Router 1900 to ASA 5520


m.stone
12-17-2009, 10:17 PM
Hi,
I am having an issue connecting my 1900 router to my ASA 5520, setup below:

Router 1900-----------ASA 5520----------LAN

The router has a tunnel in its config and a lot more, so I don't want to remove it. I want the router to just direct inbound traffic to the ASA, and the ASA should direct outbound traffic to the router.

How should I do this?

Thanks

David.C
12-17-2009, 10:21 PM
Maybe you wanna say the router has configuration you don't want to delete? If so, you won't; only create a level 3 interconnection between the router and the ASA (for instance, assign 172.16.30.1/29 to the router and .2 to the ASA). Then create a route on the router that points to the ASA for reaching your LAN, and assign the router as default gateway on the ASA for reaching the internet.
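
The routed interconnect described in the reply above, written out as configuration. This is an added example, not part of the original thread: the interface names, the LAN subnet 192.168.10.0/24, the ASA inside address, the server 192.168.10.10 and the ACL name OUTSIDE_IN are constructed placeholders, and the syntax is that of ASA software 8.2 in routed mode.

```cisco
! ---------- Router 1900 (stays at the edge, existing tunnel config untouched) ----------
interface GigabitEthernet0/1
 description Link to ASA outside (assumed interface name)
 ip address 172.16.30.1 255.255.255.248
 no shutdown
!
! Reach the protected LAN (assumed 192.168.10.0/24) through the ASA
ip route 192.168.10.0 255.255.255.0 172.16.30.2

! ---------- ASA 5520 (routed mode, ASA 8.2 syntax) ----------
interface GigabitEthernet0/0
 description Link to router (assumed interface name)
 nameif outside
 security-level 0
 ip address 172.16.30.2 255.255.255.248
 no shutdown
!
interface GigabitEthernet0/1
 description Protected LAN (assumed interface name and address)
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
! The router is the ASA's default gateway for outbound traffic
route outside 0.0.0.0 0.0.0.0 172.16.30.1
!
! Inbound traffic is dropped unless an access-list permits it.
! Constructed example: allow HTTPS to one internal server only.
access-list OUTSIDE_IN extended permit tcp any host 192.168.10.10 eq 443
access-group OUTSIDE_IN in interface outside
```

LAN hosts use the ASA inside address as their default gateway, so traffic to and from the router always crosses the firewall.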

m.stone
12-21-2009, 09:42 PM
Right, I have some config on the router and I want the router to be at the edge and the ASA should be connected to the router. I hope all security will still work perfectly if the ASA is not at the edge? What should I configure, a static route or a default static route between the devices? Please elaborate. Thanks

David.C
12-22-2009, 09:50 PM
The ASA will protect all the packets that cross it. It's not mandatory that you place the ASA as edge equipment; in fact, it's not usual.

Then, the ASA must be the default gateway for all networks you want to protect. If that role now belongs to the router and you don't wanna change the network addressing, then you must place the ASA in transparent mode; this way, you won't have to change any configurations on your network.

Whatever option you choose, you'll have to configure access-list on ASA in order to allow traffic you want (VPN access, internet access...)

m.stone
12-23-2009, 10:17 PM
OK, thanks... Now I understand it, but my issue now is I have an AIP-SSM 20 module on the ASA. I still want to use the ASA in transparent mode as well as direct traffic to pass through the AIP-SSM 20 module. Is that possible, and how?

David.C
12-27-2009, 10:31 PM
Yes, it's possible. Take a look at this link:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ips.html

Note that it refers to version 8.2.