ASA 5510 and Cisco 2811 router dot1Q?

0 Votes
Locked

kris
My question is this: Our ISP has assigned us a single network segment of x.x.28.x/29. We then needed more public IPs, so we requested another /29 octet. They then assigned us x.x.27.x/29. Our current setup is the MPLS Internet connection demarc, to a Cisco 2811 router that has a WAN IP of a /30 and an inside IP of the /29. Then from that it goes to a Cisco ASA 5510 with the outside IP another public /29, and the inside is a 172 addressing scheme. My question is, with the new network set they gave us, can I configure dot1q in between the router and the ASA to get both networks over that link, then configure the translation on the ASA? If so, how? Any help is appreciated! THANKS A MIL!! Kris
0 Votes
aiwamoto

I have configured ASAs to use trunking on inside interfaces coming from a L3 switch, so I don't see why you couldn't do the same for an outside interface. You would just have different ACLs for each sub-interface for each assigned IP block. The only potential challenge is if you need to map two different public IPs to the same internal IP. I don't think that is a problem based on your description, as you just needed more IPs, not getting more for redundancy.

Personally, I would just get a new /28 block and make all the necessary DNS changes but maybe that's not possible for your environment.

0 Votes
kris

I wish this was the case, but I don't think my ISP will allow getting a /28. I've tried configuring the dot1q, but I can't get it to talk. I just want to know if it's possible to set that up between the router and the ASA over the same link. Both of the new address sets go back to the same gateway... So I figured it would work, then the ASA would do the NAT for the public to private IPs. It's just how to get it configured... that is the question. Thanks for your reply!

0 Votes
career

Yes, the 2811 should support trunking, but you might have to upgrade the software. I know with the 2600s, you needed the "IP Plus" feature set.

However, it should be possible to just route the new /29 to the ASA's outside IP, then use NAT/PAT commands on the ASA just as if there was a new interface.
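
The routed approach from the last reply, sketched as an added example that is not part of the original thread: the 2811 routes the second /29 to the ASA's existing outside address, and the ASA translates addresses from that block without any new interface or trunk. All addresses are constructed documentation ranges (203.0.113.0/29 stands in for the first /29, 198.51.100.8/29 for the second, 172.16.10.10 for an inside host); the interface names, the object and ACL names, the published port and the ASA software version (8.3 or later) are assumptions.

```cisco
! ---------- Cisco 2811 (IOS) ----------
! Inside interface, already addressed from the first /29 (constructed).
interface FastEthernet0/1
 ip address 203.0.113.1 255.255.255.248
!
! Route the second /29 to the ASA's outside address. The ASA needs no
! interface in this block and does not have to proxy-ARP for it.
ip route 198.51.100.8 255.255.255.248 203.0.113.2

! ---------- Cisco ASA 5510 (8.3 or later assumed) ----------
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
! Static NAT: publish inside host 172.16.10.10 as 198.51.100.10.
object network SRV-WEB
 host 172.16.10.10
 nat (inside,outside) static 198.51.100.10
!
! Permit only the service being published. On 8.3+ the ACL matches the
! real (inside) address; everything else inbound stays denied.
access-list OUTSIDE-IN extended permit tcp any host 172.16.10.10 eq 443
access-group OUTSIDE-IN in interface outside
!
! Pre-8.3 equivalent (the ACL matches the mapped address instead):
!  static (inside,outside) 198.51.100.10 172.16.10.10 netmask 255.255.255.255
!  access-list OUTSIDE-IN extended permit tcp any host 198.51.100.10 eq 443
```

Addresses in the routed block that have no translation on the ASA are dropped there, so only the hosts and ports explicitly published are reachable from outside.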