• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 664
  • Last Modified:

Need help with Cisco 2800 ISR + ASA 5510 configuration

I have a site that I need to install a Cisco 2800 router and an ASA 5510 with the AIP-10 SSM.  I would like the router to do NAT as well as DHCP, and would like to have the ASA run in transparent mode and perform IDS/IPS.  I need the ASA to provide VPN connectivity and not the 2800 router.  Is this configuration possible.
0
ryanva
Asked:
ryanva
  • 4
  • 3
2 Solutions
 
lrmooreCommented:
you cannot have the ASA in transparent mode and simultaneously have it be the VPN endpoint.

0
 
ryanvaAuthor Commented:
ok so assuming that I cannot have a transparent firewall be a VPN endpoint, then how should this configuration be done. I would like the ASA to be the VPN endpoint if possible.
0
 
lrmooreCommented:
The ASA can do VPN, NAT and all access control along with IPS/IDS
The Router can just pass packets from WAN to LAN interface.
If you have an Ethernet feed for WAN, then the router is useless.

0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
ryanvaAuthor Commented:
The ISR is going to be for a VOIP deployment in the very near future.
0
 
lrmooreCommented:
makes a good VoIP gateway....

0
 
ryanvaAuthor Commented:
are you saying that the 2800 should not be inline with the asa?
0
 
lrmooreCommented:
Not if you have Ethernet WAN feed.
What kind of PSTN feed are you planning? PRI or SIP trunk?
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now