[TriLUG] OT: Router then Firewall

Steve Hoffman srhoffman at gmail.com
Mon May 15 16:19:32 EDT 2006


Can anyone suggest a decent router that can also be used as a firewall with
NAT?  I was able to set a Cisco 2500 series router to route between two
incoming connections by using route-maps.  I've recently purchased a Cisco
ASA 5510 to add a little more protection and was assured at the time of
purchase it could do what I needed... well, now I see that it cannot.  If I
have to purchase a second one I will, but I'd rather have a good router that
can route between more than one inbound provider and restrict access to our
public interfaces.

Here's what I want...

All addresses are private IPs on the internal network (10.0.0.0/24)

A total of two incoming internet connections with three separate IP ranges
(2 /29's and 1 /28)

I'd prefer that all traffic go out via one default IP address UNLESS a NAT
rule is set up to translate to one of the 24 available IP addresses, at which
point the packet should go to the default gateway for that network...

I can't imagine I'm the first person to want this, but I guess I'm the first
to want to do it with an ASA?  On the surface the ASA can do everything
EXCEPT specify the next hop for an external internet connection.  It only
allows for one default route and doesn't allow for a "set default next-hop
xxx.xxx.xxx.xxx" as a router does...which shoots my whole plan to shit.
I've considered using RIP or OSPF, but unfortunately one of our internet
connections is a RR business class (hey... it's got great download speed)
connection for which I can't alter the routing info, so that's out.

As always, your words of wisdom are welcome.

Thanks,
Steve


