05-23-2012 04:38 AM - edited 02-21-2020 04:39 AM
Hi,
Please find my current interface IP.
I want to add one more public IP on it.
interface Ethernet0/0
description ASA Outside segment
speed 100
duplex full
nameif OUTSIDE
security-level 0
ip address 62.173.33.76 255.255.255.240
!
interface Ethernet0/1
description VLAN AGGREGATION point
no nameif
no security-level
no ip address
!
interface Ethernet0/1.2
description INSIDE segment (User)
vlan 2
nameif INSIDE
security-level 100
ip address 192.168.172.1 255.255.255.0
!
interface Ethernet0/1.3
description LAN
vlan 3
nameif LAN
security-level 100
ip address 192.168.173.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
please help i will be very greatful.
thanks,
05-23-2012 04:46 AM
You have an empty eth0/2 and eth0/3, you can assign the public ip on it.
Thanks,
Varun Rao
Security Team,
Cisco TAC
05-23-2012 05:08 AM
Hi Varun,
Please find error message.
FAST-HQ-ASA(config)# interface ethernet0/2
FAST-HQ-ASA(config-if)# ip address 62.173.33.69 255.255.255.240
ERROR: Failed to apply IP address to interface Ethernet0/2, as the network overlaps with interface Ethernet0/0. Two interfaces cannot be in the same subnet.
FAST-HQ-ASA(config-if)#
Please suggest.
Thanks,
05-23-2012 05:11 AM
No, you cannot do that. You cannot assign two public ip's of same subnet on two interfaces, firewall will not allow you, it needs to be of different subnet.
Thanks,
Varun Rao
Security Team,
Cisco TAC
05-23-2012 05:14 AM
ok i got it but can please explain me how i do.
i have seen some answer its pasted down.
Re: ASA 5505 v7.2 - multiple public IPs on Outside
Hi did yo tried this way
nat (inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 11.11.11.11
nat (inside) 2 192.168.22.0 255.255.255.0
global (outside) 2 22.22.22.22
05-23-2012 05:22 AM
I want to create VPN and one public is already assign for internet use 62.173.33.76.
so i want to add one more public IP 62.173.33.69 to configure VPN on ASA.
is it right way what i am thinking.
because on 62.173.33.69 (Public IP) we are running some application and thats why we want to create VPN so i have to add 62.173.33.69 in ASA.
please correct me if i am wrong.
Thanks,
05-23-2012 05:43 AM
Hi Varun,
I am waiting for reply.
Please suggest me what to do.
Thanks,
05-23-2012 06:32 AM
Hi Hemant,
If you are thinking about terminating the VPN tunnel on the outside interface then you need not add any other IP address on the ASA, you can terminate it on the outside interface.
In the VPN tunnel you can easily identify which particular traffic should go through, and segragate your internet traffic with the VPN traffic.
Thanks,
Varun Rao
Security Team,
Cisco TAC
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide