06-21-2019 07:40 AM
I'm low on public IPs, so I wonder whether I can connect the outside interface on my Cisco ASA firewall to a VRF with a link network like 10.11.12.8/30, and then route a public IP to the ASA firewall and use that IP as the source for outbound NAT rules and the destination for inbound traffic?
I know it can be done by configuring the outside interface link network with a public IP range, but that means using 8 public IPs for something where I only need one if the above is possible.
06-21-2019 12:02 PM
06-22-2019 12:33 AM
The public IPs are just an IP range assigned to our DC. It's not configured anywhere as a VLAN or similar. It's just a range of routed IPs. There are therefore no issues in host routing individual IPs from the public internet VRF to specific devices like the ASA.
My question is: can I, on a Cisco ASA, use IPs which are not interface IPs as termination points for VPN connections, source for hide NAT rules etc., or do they have to be interface IPs?
06-22-2019 01:24 AM
Hi,
You have to enable ISAKMP/IKEv2 on the interface that terminates the VPN; therefore, only that interface IP address will listen on UDP/500.
HTH