Solved: Additional Public IPs added to my outside interface

geraghtyconor · ‎08-01-2012

Hello,

I have run out of public facing IP addresses and I need more.

Assuming I have been issued 1.1.1.0/24 and my new/additional range/subnet issued is 2.2.2/0/24 - Can I carry on with the same configuration on my ASA5510 and just add static NAT for new services in the 2.2.2.0/24 range.

i.e.existing config

route 0.0.0.0 0.0.0.0 1.1.1.254 (upstream ISP)

Interface outside ip address 1.1.1.1 255.255.255.0

NAT 2.2.2.1 to 10.1.2.3

or, assume my ISP will deliver 2.2.2.1 to my outside interface (1.1.1.1.1/24) and if my NAT is in place it will get delivered to 10.1.2.3 inside.

or, put another way I dont need change my set-up as I just static route to my ISP!

PS?

my real public IP is a /27 can I use my broadcast address (its a legit public IP address)?

i.e 1.2.3.0/27 = 1.2.3.1 to 1.2.3.31

Outside interface = 1.2.3.1/27

Can I use 1.2.3.31 and NAT it to an internal server?

Thank you in advance.

nkarthikeyan · ‎08-01-2012

Hi,

Yes you can use that for the NAT/PAT but make sure that proper routing is done from your end and ISP end to route the new Public IP pool. In your ISP router both the subnets 1.1.1.0/24 and 2.2.2.0/24 routed and advertised properly as well as from your LAN. If so you can use the additional public ip for your purpose.

Please do rate if the given information helps.

By

Karthik

View solution in original post

paclark01 · ‎08-01-2012

I would add the new outside IP 2.2.2.2 as a secondary IP on the 1.1.1.1 interface and add NAT rules. I don't believe the static default route would change.

No, you can't use a network or broadcast IP in a block for anything.

View solution in original post

nkarthikeyan · ‎08-01-2012

Hi,

Earlier i dint gone through your query completely. Your another query

my real public IP is a /27 can I use my broadcast address (its a legit public IP address)?

i.e 1.2.3.0/27 = 1.2.3.1 to 1.2.3.31

Outside interface = 1.2.3.1/27

You can use 1.2.3.1-30 not the 31 neither .0 for your NAT/PAT. In any scenario you cannot use the Network id and Broadcast address. Peter clark is right.

By

Karthik

View solution in original post

nkarthikeyan · ‎08-01-2012

Hi,

Yes you can use that for the NAT/PAT but make sure that proper routing is done from your end and ISP end to route the new Public IP pool. In your ISP router both the subnets 1.1.1.0/24 and 2.2.2.0/24 routed and advertised properly as well as from your LAN. If so you can use the additional public ip for your purpose.

Please do rate if the given information helps.

By

Karthik

paclark01 · ‎08-01-2012

I would add the new outside IP 2.2.2.2 as a secondary IP on the 1.1.1.1 interface and add NAT rules. I don't believe the static default route would change.

No, you can't use a network or broadcast IP in a block for anything.

nkarthikeyan · ‎08-01-2012

Hi,

Earlier i dint gone through your query completely. Your another query

my real public IP is a /27 can I use my broadcast address (its a legit public IP address)?

i.e 1.2.3.0/27 = 1.2.3.1 to 1.2.3.31

Outside interface = 1.2.3.1/27

You can use 1.2.3.1-30 not the 31 neither .0 for your NAT/PAT. In any scenario you cannot use the Network id and Broadcast address. Peter clark is right.

By

Karthik