Cisco ASA 5510 and real IP behind FW

Hi,

I am going to deploy Microsoft DirectAccess to our demo lab and have a couple of problems / questions.

Our lab network topology is in the picture. First there is our ISP's modem/router device, which I don't have access to (I can't configure this device).
I suppose that there is a route 5.4.3.176/28 --> to our ASA's external interface.

Then there is our ASA, which has a couple of interfaces, 1 x external, 1 x internal.
On the ASA there is dynamic PAT which is using the IP of the external interface.

From the ASA to the Cisco 2821 router there is a straight cable to interface Gi0/0. On the router there is interface Gi0/1, which is connected to a C3560 switch.
I have created multiple VLAN/SubIF on the router and the same VLANs on the switch.
Then there is a VMware ESX 4i host with a W2008 Enterprise server with MS UAG server.
On W2008 I have two interfaces, one to internal and one to external.

Q1: Which is the easiest way to get a real IP (5.4.3.189) without NAT to our UAG server (MS documents say that this server should be directly connected to the internet without NAT)? So what I have to do if I want to.

I know that I have to make some kind of DMZ where I can put that VMware interface, but how do I do it?
Can I make a static route on the ASA like 5.4.3.184/29 --> 10.2.72.2 and then on the router make a VLAN which has IP 5.4.3.185 and then put my VMware interface there?
I think that's not a good option?

network.PNG
Skege Asked:
MikeKane Commented:
Have you considered running the ASA in transparent mode? It becomes an inline device to monitor traffic and do the packet inspection without being a NAT device...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

gavving Commented:
Place a switch between your firewall and Internet router. Then you can plug a cable into that switch from your vmware server. You can then use the Internet ip directly on the server, or on a vm that you have bound to that port. That's the easiest way I know of.