RT-N66U behind a ASA5505

[G37x]

Hi guys,

My current setup is Internet - RT-N66U - Switch - Clients. I have a lot of IP cameras and have DDNS set up in RTN66U.
I recently got a ASA5505, which I used to connect to my company...The set up required is Internet - ASA - RTN66U - Switch clients. ASA has a home vlan set up, with 4 ports being part of this vlan. One of these ports is used to connect my RTN66U.
Everything works with this set up but one thing. DDNS is not working anymore on my RT-N66U, the router is complaining about getting a private IP (192.168.x.x) from ASA and that it will not work with that.

Can you please help with any advice on what needs to be changed by keeping the way all devices connect in place? If possible only make changes to Asus router.

Thanks!

 

[coxhaus]

Once you have the ASA5505 up and running you will need to turn off the firewall on the ASUS router if you still want to use the router as a router. Dynamic DNS will need to be transferred to the ASA5505 where your outside IP address will reside. You may just want to run the ASUS as an AP and turn off everything on the ASUS router but the wireless. There are lots of options on this network configuration.
PS
Make sure you are only running one DHCP server per network.

 

[G37x]

Thanks. My intention is to run as little as possible on ASA. Also since I have all my cfg already done on Asus (port fwd etc), I also don't want to loose that.

What is the best way to do it then?

 

[Cloud200]

If the only thing you are having issues with is the DDNS, then try and set up DDNS on a PC in the house rather than on the router.

either that, or set it up on the ASA.


the better option would be to set 1:1 NAT on the ASA point to the RT-N66 but thats really only an option if you have multiple IP addresses.

 

[coxhaus]

I don’t think trying to use the ASUS firewall is a good idea. You need to transfer the firewall to your front door the ASA5505.

 

[G37x]

Thanks guys. So to summarize, I want to use as much as possible the cfg on Asus. After all, that is my device, the ASA is with me as long as I'm with co.

It would be so nice if I could just add something to the Asus, like some static routes or something and have all fixed w/o touching the asa. However I'm pretty positive that is not possible?

 

[coxhaus]

You can create a second network with your ASUS router and route from the ASA5505 to the ASUS but there is no need to run a firewall on the ASUS router because it is now inside of your network. You could still use DHCP in this second network and static mapping on the ASUS router. You need a network defined to ASA5505 and just connect your ASUS router to the ASA5505 network. The ASA5505 will need to know about the ASUS network and point to the ASUS router for that network.

 

[Cloud200]

Is there any reason you can't just point the DMZ of the ASA to the Asus?

 

[coxhaus]

If you do that then what is the purpose of the ASA5505?

 

[G37x]

I'm telling you, this might not be as easy it it sounds once you get down to cfg...
Will be checking more stuff and provide updates.

Thanks!

 

[G37x]

The easiest solution is to swap the order: Cable modem -> RT-N66U -> ASA

 

[coxhaus]

I am glad you figured it out. It is no fun running 2 firewalls together.