Cisco ASA 5510 and real IP behind FW

Posted on 2010-04-09
Medium Priority
Last Modified: 2012-05-09

I am going to deploy Microsoft DirectAccess to our demo lab and have couple of problems / Q:s

Our lab network topology is on the picture. First there is our ISP:s modem/router device which i dont have access (i can´t configure this device).
I suppose that there is route --> to our ASA:s external interface.

Then there is our ASA which has couple of interfaces, 1 x external, 1 x internal.
On ASA there is dynamic PAT which is using IP of enternal interface.

From ASA to Cisco 2821 router there is straight cabel to interface Gi0/0. On router there is interface Gi0/1 which is connected to C3560 switch.
I have created multiple vlan/SubIF to router and same VLAN:s to switch.
Then there is VMware ESX 4i host with W2008 Enterprise server with MS UAG server.
On W2008 i have two interfaces, one to internal and one to external.

Q1: which is the easiest way to get real ip( without NAT to our UAG server (MS document s says that this server should be directly connected to internet wihtout NAT). So what i have to do if i want to.

I know that i have to make somekind of DMZ where i can put that VMware interface, but how do i do it?
Can i make static route to ASA like --> and then on the router i make vlan which has ip and then put my VMware interface to there?
I think thats not good option?

Question by:Skege
LVL 33

Expert Comment

ID: 30203756
Have you considered running the ASA in transparent mode?    It becomes an inline device to monitor traffic and do the packet inspection without being a NAT device....  


Accepted Solution

gavving earned 1000 total points
ID: 30277471
Place a switch between your firewall and Internet router. Then you can plug a cable into that switch from your vmware server. You can then use the Internet ip directly on the server, or on a vm that you have bound to that port. That's the easiest way I know of.

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

594 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question