Cisco ASA5512x and ADTRAN 838T modem. Configuration question.
Greetings. I am relatively new to routing, so this might be simple.
We have a 40Mb/s Ethernet over Copper (EoC) circuit. This is essentially high speed DSL.
Our circuit goes into an ADTRAN 838T Modem running in "bridged" mode.
Out of the ADTRAN, an Ethernet cable goes into a small business (what I would term "consumer") router, a Cisco WRV210. This router has the "WAN" setup configured per our ISP.
The "LAN" side of the router (WRV210) has our /29 network plugged in (local IP of the router and 255.255.255.248 mask).
The "LAN" side of the router (WRV210) connects via Ethernet cable to our "outside" interface of our Cisco ASA5512x firewall/router.
We were told by the ISP that since the ADTRAN runs in "bridged" mode, that a router was necessary between it and our network.
We were told by our IT consultant that we could not simply connect the ADTRAN to the ASA5512x.
So .... I am curious why a Cisco ASA5512x cannot have a bridged ADTRAN 838T connected to it and router that network from one interface to another interface. Maybe it's obvious to the experts, but not to me.
Also, it looks like the WRV210 is more of a "consumer" router (it has wireless, is plastic, and weights all of 8 ounces or so). Looking at the "System Up Time" on the WRV210 today (just at random), it showed 1 hour 46 minutes. That doesn't inspire confidence. Also, every so often the "Outside" Gig Interface on the ASA simply goes "down", then "up" again. I suspect the WRV210 is not overly reliable. Finally, we're considering a VoIP solution early next year, so I'm wondering if I want all our network traffic, including VoIP, going through this $150 consumer router.
Suggestions ?
Thanks much.
-Stephen
We have a 40Mb/s Ethernet over Copper (EoC) circuit. This is essentially high speed DSL.
Our circuit goes into an ADTRAN 838T Modem running in "bridged" mode.
Out of the ADTRAN, an Ethernet cable goes into a small business (what I would term "consumer") router, a Cisco WRV210. This router has the "WAN" setup configured per our ISP.
The "LAN" side of the router (WRV210) has our /29 network plugged in (local IP of the router and 255.255.255.248 mask).
The "LAN" side of the router (WRV210) connects via Ethernet cable to our "outside" interface of our Cisco ASA5512x firewall/router.
We were told by the ISP that since the ADTRAN runs in "bridged" mode, that a router was necessary between it and our network.
We were told by our IT consultant that we could not simply connect the ADTRAN to the ASA5512x.
So .... I am curious why a Cisco ASA5512x cannot have a bridged ADTRAN 838T connected to it and router that network from one interface to another interface. Maybe it's obvious to the experts, but not to me.
Also, it looks like the WRV210 is more of a "consumer" router (it has wireless, is plastic, and weights all of 8 ounces or so). Looking at the "System Up Time" on the WRV210 today (just at random), it showed 1 hour 46 minutes. That doesn't inspire confidence. Also, every so often the "Outside" Gig Interface on the ASA simply goes "down", then "up" again. I suspect the WRV210 is not overly reliable. Finally, we're considering a VoIP solution early next year, so I'm wondering if I want all our network traffic, including VoIP, going through this $150 consumer router.
Suggestions ?
Thanks much.
-Stephen
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I am assuming that you are doing the NAT on the cheap router.
You should be able to remove the cheap router and configure one of the interfaces on the ASA with the same public IP address as the cheap router, and to the NAT'ing on the ASA.
You should be able to remove the cheap router and configure one of the interfaces on the ASA with the same public IP address as the cheap router, and to the NAT'ing on the ASA.
ASKER
I'm still investigating permanent solution, but this is useful information. Thank you.
ASKER
The cheap router has a "WAN" address I presume what is the ADTRAN's address, but the "LAN" address is not our internal network. It is our external-facing /29 network address. We have a pool of 4 available IPs. We use two of them (one for our mail server - NATed internally, and one for our VPN connection, which is essentially our "outside" interface address).