Basic ASA question

RobotsxRobotsx Member Posts: 10 ■□□□□□□□□□
in CCNA Security
I've just obtained a Cisco ASA 5505 device from my company (they want me to learn this device). I've setup basic configuration (NAT, VLANS etc), and it worked fine when outside port was connected to the router. When I connected it straight to the modem, it didn't even obtain an IP address from modem DHCP service. It is some kind of home Netgear DSL modem.

The main question is if ASA needs an router between it and modem, or I just did something wrong.
· Share on FacebookShare on Twitter

Comments

  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    No it can be either. In my lab I have my asa behind a router so my wireless network is not impacted though.
    Security Certification Roadmap
    · Share on FacebookShare on Twitter
  • awitt11awitt11 Member Posts: 50 ■□□□□□□□□□
    In my experience, the DSL/Cable modem will get an IP from your provider and then serve up a private IP to your inside network (often 192.168.1.0/24). Can you set a static on the ASA in this range? Was the ASA acting as DHCP client in your test lab with the router acting as DHCP server?
    · Share on FacebookShare on Twitter
  • JoeBirdsJoeBirds Member Posts: 49 ■■□□□□□□□□
    Try this on your ASA when connecting straight into the modem:

    (config-if)# ip address dhcp

    This will configure your ASA to act as a DHCP client. If this doesn't work, it may be due to necessary pppoe configuration to authenticate your ASA to your ISP. Something like this:

    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group pppoegroup
    ip address dhcp setroute

    A lot of times the modem performs this step, but it may be needed on your ASA before it can pass traffic. Let me know if this works!
    · Share on FacebookShare on Twitter
  • AD227529AD227529 Member Posts: 82 ■■□□□□□□□□
    Is the Netgear a modem or a router? If it's a router, you will need to put it in "bridge mode". You can't have two DHCP servers or you will have a DHCP conflict and none of the hosts on your LAN will get an IP address. I learned this lesson the hard way on the job! This will turn off DHCP on the Netgear and let the ASA act as the DHCP server, assuming that you have DHCP enabled on the ASA. I think you can then set the outside IP address of the ASA to "DHCP" and it should pick up an IP address from the ISP, or if you have a static IP address from your ISP, you can use that instead. Enable NAT on the ASA and you should be good to go!
    CCNA, CCENT, A+, Net+, Security+
    · Share on FacebookShare on Twitter
Sign In or Register to comment.