https://community.cisco.com/t5/network-security/additional-public-ips-added-to-my-outside-interface/m-p/1959553#M401385 <P>Hello,</P><P>I have run out of public facing IP addresses and I need more.</P><P>Assuming I have been issued 1.1.1.0/24 and my new/additional range/subnet issued is 2.2.2/0/24 - Can I carry on with the same configuration on my ASA5510 and just add static NAT for new services in the 2.2.2.0/24 range.</P><P>i.e.existing config</P><P>route 0.0.0.0 0.0.0.0 1.1.1.254 (upstream ISP)</P><P>Interface outside ip address 1.1.1.1 255.255.255.0</P><P></P><P>NAT 2.2.2.1 to 10.1.2.3</P><P>or, assume my ISP will deliver 2.2.2.1 to my outside interface (1.1.1.1.1/24) and if my NAT is in place it will get delivered to 10.1.2.3 inside.</P><P>or, put another way I dont need change my set-up as I just static route to my ISP!</P><P></P><P>PS? </P><P>my real public IP is a /27 can I use my broadcast address (its a legit public IP address)?</P><P>i.e 1.2.3.0/27 = 1.2.3.1 to 1.2.3.31</P><P>Outside interface = 1.2.3.1/27</P><P>Can I use 1.2.3.31 and NAT it to an internal server?</P><P></P><P>Thank you in advance.</P> Mon, 11 Mar 2019 23:36:56 GMT geraghtyconor 2019-03-11T23:36:56Z https://community.cisco.com/t5/network-security/additional-public-ips-added-to-my-outside-interface/m-p/1959553#M401385 <P>Hello,</P><P>I have run out of public facing IP addresses and I need more.</P><P>Assuming I have been issued 1.1.1.0/24 and my new/additional range/subnet issued is 2.2.2/0/24 - Can I carry on with the same configuration on my ASA5510 and just add static NAT for new services in the 2.2.2.0/24 range.</P><P>i.e.existing config</P><P>route 0.0.0.0 0.0.0.0 1.1.1.254 (upstream ISP)</P><P>Interface outside ip address 1.1.1.1 255.255.255.0</P><P></P><P>NAT 2.2.2.1 to 10.1.2.3</P><P>or, assume my ISP will deliver 2.2.2.1 to my outside interface (1.1.1.1.1/24) and if my NAT is in place it will get delivered to 10.1.2.3 inside.</P><P>or, put another way I dont need change my set-up as I just static route to my ISP!</P><P></P><P>PS? </P><P>my real public IP is a /27 can I use my broadcast address (its a legit public IP address)?</P><P>i.e 1.2.3.0/27 = 1.2.3.1 to 1.2.3.31</P><P>Outside interface = 1.2.3.1/27</P><P>Can I use 1.2.3.31 and NAT it to an internal server?</P><P></P><P>Thank you in advance.</P> Mon, 11 Mar 2019 23:36:56 GMT https://community.cisco.com/t5/network-security/additional-public-ips-added-to-my-outside-interface/m-p/1959553#M401385 geraghtyconor 2019-03-11T23:36:56Z https://community.cisco.com/t5/network-security/additional-public-ips-added-to-my-outside-interface/m-p/1959554#M401386 <HTML><HEAD></HEAD><BODY><P> Hi,</P><P></P><P>Yes you can use that for the NAT/PAT but make sure that proper routing is done from your end and ISP end to route the new Public IP pool. In your ISP router both the subnets 1.1.1.0/24 and 2.2.2.0/24 routed and advertised properly as well as from your LAN. If so you can use the additional public ip for your purpose.</P><P></P><P>Please do rate if the given information helps.</P><P></P><P>By</P><P></P><P>Karthik</P></BODY></HTML> Wed, 01 Aug 2012 11:17:35 GMT https://community.cisco.com/t5/network-security/additional-public-ips-added-to-my-outside-interface/m-p/1959554#M401386 nkarthikeyan 2012-08-01T11:17:35Z https://community.cisco.com/t5/network-security/additional-public-ips-added-to-my-outside-interface/m-p/1959555#M401387 <HTML><HEAD></HEAD><BODY><P> I would add the new outside IP 2.2.2.2 as a secondary IP on the 1.1.1.1 interface and add NAT rules. I don't believe the static default route would change.</P><P></P><P>No, you can't use a network or broadcast IP in a block for anything.</P></BODY></HTML> Wed, 01 Aug 2012 15:18:03 GMT https://community.cisco.com/t5/network-security/additional-public-ips-added-to-my-outside-interface/m-p/1959555#M401387 paclark01 2012-08-01T15:18:03Z https://community.cisco.com/t5/network-security/additional-public-ips-added-to-my-outside-interface/m-p/1959556#M401388 <HTML><HEAD></HEAD><BODY><P> Hi,</P><P></P><P>Earlier i dint gone through your query completely. Your another query</P><P></P><P>my real public IP is a /27 can I use my broadcast address (its a legit public IP address)?</P><P>i.e 1.2.3.0/27 = 1.2.3.1 to 1.2.3.31</P><P>Outside interface = 1.2.3.1/27</P><P></P><P>You can use 1.2.3.1-30 not the 31 neither .0 for your NAT/PAT. In any scenario you cannot use the Network id and Broadcast address. Peter clark is right.</P><P></P><P></P><P>By</P><P></P><P>Karthik</P></BODY></HTML> Thu, 02 Aug 2012 04:30:18 GMT https://community.cisco.com/t5/network-security/additional-public-ips-added-to-my-outside-interface/m-p/1959556#M401388 nkarthikeyan 2012-08-02T04:30:18Z