I'm trying to figure out how to configure our PA2050 to point one of our public IPs in a /25 block to a Cisco ASA 5510 behind it. We're using both the PA's SSL VPN and the ASA's SSL VPN so I'd like to plug the ASA into port 2 on the PA2050 and allow it to be accessed directly via one of those public IPs.
Our upstream provider's equipment is x.x.x.1/25, interface 1 on the PA2050 is x.x.x.2/25, and I want to set up the ASA as x.x.x.125/25. Our upstream link comes directly into interface 1 of the PA2050 and I'd prefer NOT to put a switch in between them or something similar. How would I accomplish this? We've got plenty of NAT mappings working properly for various public IPs to internal RFC1918 addresses, but I'm a bit lost here.
Any pointers are appreciated, thanks in advance!
Have you considered running the ASA and the Palo Alto in parallel? If you really want the ASA traffic inspected by the PA as well, you could put a vwire in front of the Cisco and then run the Cisco in parallel with the PA.
To avoid the need for a switch, you could do a "one to one" NAT on the WAN side of the PA to an IP on another interface that leads to the ASA. To do this, build the NAT rule from the trusted side towards the internet and select the "bi-directional" option.
I do want the PA to do all the traffic inspection in this case; the ASA is *only* there as a Cisco VPN endpoint.
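A sketch of the bi-directional one-to-one NAT described in the reply above, in PAN-OS set-command form. This is an added example, not configuration posted by anyone in the thread. The zone names (`untrust`, `asa-dmz`), the virtual router `default`, the object and rule names, the `ssl` application match and the 192.168.125.0/30 transit subnet are assumptions; `x.x.x.125` is the redacted public address from the question. The `#` lines are annotations, not CLI input.

```text
# Transit link between the PA and the ASA (assumed private /30).
# The ASA outside interface would take 192.168.125.2 with 192.168.125.1 as its gateway.
set network interface ethernet ethernet1/2 layer3 ip 192.168.125.1/30
set network virtual-router default interface ethernet1/2
set zone asa-dmz network layer3 ethernet1/2

# Address objects: the ASA's real (private) address and the public address it answers on.
set address asa-private ip-netmask 192.168.125.2
set address asa-public ip-netmask x.x.x.125

# Static source NAT written from the inside zone towards the internet.
# "bi-directional yes" makes the firewall create the matching inbound
# destination translation (asa-public -> asa-private) automatically.
set rulebase nat rules asa-static from asa-dmz
set rulebase nat rules asa-static to untrust
set rulebase nat rules asa-static source asa-private
set rulebase nat rules asa-static destination any
set rulebase nat rules asa-static service any
set rulebase nat rules asa-static source-translation static-ip translated-address asa-public
set rulebase nat rules asa-static source-translation static-ip bi-directional yes

# Inbound security rule: PAN-OS matches the pre-NAT destination address
# (the public one) but the post-NAT destination zone (asa-dmz).
# Only the VPN application is allowed in, so the PA still inspects the traffic.
set rulebase security rules asa-vpn-in from untrust
set rulebase security rules asa-vpn-in to asa-dmz
set rulebase security rules asa-vpn-in source any
set rulebase security rules asa-vpn-in destination asa-public
set rulebase security rules asa-vpn-in application ssl
set rulebase security rules asa-vpn-in service application-default
set rulebase security rules asa-vpn-in action allow
```

Because the translated address sits in the same /25 as interface 1, the firewall answers ARP for it on that interface, so no switch is needed in front of the PA. The bi-directional rule also lets anything sourced from the ASA leave as the public address, so outbound security policy from the `asa-dmz` zone should be scoped just as tightly as the inbound rule.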
If I were to do the 1-to-1 NAT method, I'm not understanding how to handle the interface addresses. What address would I be setting on interface 2 of the PA2050 if I plug the ASA into that one, given that the ASA should answer to x.x.x.125/25?