Skege
asked on
Cisco ASA 5510 and real IP behind FW
Hi,
I am going to deploy Microsoft DirectAccess to our demo lab and have a couple of problems / Qs.
Our lab network topology is in the picture. First there is our ISP's modem/router device, which I don't have access to (I can't configure this device).
I suppose that there is a route 5.4.3.176/28 --> to our ASA's external interface.
Then there is our ASA, which has a couple of interfaces: 1 x external, 1 x internal.
On ASA there is dynamic PAT which is using IP of enternal interface.
From the ASA to the Cisco 2821 router there is a straight cable to interface Gi0/0. On the router there is interface Gi0/1, which is connected to a C3560 switch.
I have created multiple VLAN/SubIFs on the router and the same VLANs on the switch.
Then there is a VMware ESX 4i host with a W2008 Enterprise server with MS UAG server.
On the W2008 I have two interfaces, one to internal and one to external.
Q1: Which is the easiest way to get a real IP (5.4.3.189) without NAT to our UAG server (MS documents say that this server should be directly connected to the internet without NAT)? So what I have to do if I want to.
I know that I have to make some kind of DMZ where I can put that VMware interface, but how do I do it?
Can I make a static route to the ASA like 5.4.3.184/29 --> 10.2.72.2 and then on the router make a VLAN which has IP 5.4.3.185 and then put my VMware interface there?
I think that's not a good option?
network.PNG
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml