ASA 5510: Multi Public IP

Hi,

For my company, I must use more than one public IP address.

My ISP (Proximus in Belgium) has routed 4 IPs into my outside network (behind the ISP router).

Each IP address is in the same subnet.

How can I add more than one IP address on my outside interface?

I've thought about using multi-context mode, but I need to build L2L and SSL VPNs...


Thank you in advance.

Hall of Fame Guru

Nicolas

You don't need to assign the other public IPs to your outside interface.

As long as your ISP routes traffic for those IPs to your outside interface, which you say they are doing, then you can use the IPs in your NAT statements on the firewall and it will work.

They don't need to be assigned to a physical interface.

For VPN and SSL you would use the outside interface IP of your firewall, not any of the spare public IPs.

Jon

 

Beginner

Thank you, Jon, for your answer.

But that will work for outside.

I need to use multiple public IPs to expose 4 HTTP servers on ports 443 and 80.

Is it possible to NAT a port from a public IP address if it isn't the address of the public interface?

Hall of Fame Guru (accepted solution)

Is it possible to NAT a port from a public IP address if it isn't the address of the public interface?

Yes it is.

You simply configure your NAT statements on the firewall, no need for those public IPs to be assigned to a physical interface.

If the IPs are from the same subnet as your outside interface IP and you have configured static NAT statements with these IPs, then when the ISP requests the MAC address for any of these IPs your firewall will respond with its outside interface MAC address so that the packets are sent to it.

Jon
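
The approach described in the replies above, written out as an added configuration example (not posted by anyone in the thread). It assumes ASA software 8.3 or later (object NAT syntax); the interface names, object names, ACL name and all addresses are constructed from documentation ranges. Two of the four servers are shown, and the other two follow the same pattern.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   outside interface 203.0.113.2/29, spare public IPs 203.0.113.3 and .4
!   web servers 10.0.0.11 and 10.0.0.12 behind the "inside" interface

! Server 1: spare public IP 203.0.113.3, static PAT for ports 80 and 443 only
object network WEB1-HTTP
 host 10.0.0.11
 nat (inside,outside) static 203.0.113.3 service tcp www www
object network WEB1-HTTPS
 host 10.0.0.11
 nat (inside,outside) static 203.0.113.3 service tcp https https

! Server 2: spare public IP 203.0.113.4
object network WEB2-HTTP
 host 10.0.0.12
 nat (inside,outside) static 203.0.113.4 service tcp www www
object network WEB2-HTTPS
 host 10.0.0.12
 nat (inside,outside) static 203.0.113.4 service tcp https https

! On 8.3+ the outside ACL matches the real (inside) address of each server.
! Permit only the two published ports; everything else hits the implicit deny.
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.11 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.11 eq https
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.12 eq www
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.12 eq https
access-group OUTSIDE_IN in interface outside

! Checks from privileged EXEC mode:
! 1. Proxy ARP must stay enabled on outside so the ASA answers ARP for the
!    spare IPs; this output should NOT contain "sysopt noproxyarp outside".
show running-config sysopt
! 2. Confirm the translations exist and see their hit counts.
show nat detail
! 3. Simulate an inbound HTTPS connection from a constructed Internet host.
packet-tracer input outside tcp 198.51.100.10 12345 203.0.113.3 443
```

Because these translations use the spare addresses rather than the `interface` keyword, TCP 443 on the outside interface IP itself stays free for the SSL VPN that the thread says should terminate there.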