We have run out of IP addresses on our current subnet and we have been given a new additional IP address subnet range by our ISP.
Reading this paragraph from a post a couple of years ago:
The ISP would simply forward all traffic regarding the new subnet to the ASA's current WAN interface IP address and the ASA would match the destination IP address to an existing NAT you have from the new subnet. Traffic would be forwarded back to the ISP using the current default route on the ASA. No additional default route needs to be added. There would be no need for ARP/Proxy ARP between the ISP gateway and ASA for this new subnet.
I have added a static NAT for the new public IP address to an existing DMZ host and then done a firewall rule to allow it. Based on the above I thought this would then work, or am I missing something else? I can't see any traffic for the new subnet hitting our firewall logs to show the connection is even being denied based on destination or source IPs. However, I can see traffic leaving the system as the new public IP hitting our sister firewall logs on another site whilst trying to surf to a web page to test the routing (but the webpage doesn't display on the source).
I am also trying to triple check with the ISP that they have routed the new subnet to the correct address of our existing firewall, yet would appreciate any other suggestions in the meantime?