cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3158
Views
3
Helpful
7
Replies

add one more public IP on ASA

hemant.yadav
Level 1
Level 1

Hi,

Please find my current interface IP.

I want to add one more public IP on it.

interface Ethernet0/0

description ASA Outside segment

speed 100

duplex full

nameif OUTSIDE

security-level 0

ip address 62.173.33.76 255.255.255.240

!

interface Ethernet0/1

description VLAN AGGREGATION point

no nameif

no security-level

no ip address

!

interface Ethernet0/1.2

description INSIDE segment (User)

vlan 2

nameif INSIDE

security-level 100

ip address 192.168.172.1 255.255.255.0

!

interface Ethernet0/1.3

description LAN

vlan 3

nameif LAN

security-level 100

ip address 192.168.173.1 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

please help i will be very greatful.

thanks,

7 Replies 7

varrao
Level 10
Level 10

You have an empty eth0/2 and eth0/3, you can assign the public ip on it.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

Hi Varun,

Please find error message.

FAST-HQ-ASA(config)# interface ethernet0/2

FAST-HQ-ASA(config-if)# ip address 62.173.33.69 255.255.255.240

ERROR: Failed to apply IP address to interface Ethernet0/2, as the network overlaps with interface Ethernet0/0. Two interfaces cannot be in the same subnet.

FAST-HQ-ASA(config-if)#

Please suggest.

Thanks,

No, you cannot do that. You cannot assign two public ip's of same subnet on two interfaces, firewall will not allow you, it needs to be of different subnet.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao

ok i got it but can please explain me how i do.

i have seen some answer its pasted down.

Re: ASA 5505 v7.2 - multiple public IPs on Outside

Hi did yo tried this way

nat (inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 11.11.11.11


nat (inside) 2 192.168.22.0 255.255.255.0
global (outside) 2 22.22.22.22

I want to create VPN and one public is already assign for internet use 62.173.33.76.

so i want to add one more public IP 62.173.33.69 to configure VPN on ASA.

is it right way what i am thinking.

because on 62.173.33.69 (Public IP) we are running some application and thats why we want to create VPN so i have to add 62.173.33.69 in ASA.

please correct me if i am wrong.

Thanks,

Hi Varun,

I am waiting for reply.

Please suggest me what to do.

Thanks,

Hi Hemant,

If you are thinking about terminating the VPN tunnel on the outside interface then you need not add any other IP address on the ASA, you can terminate it on the outside interface.

In the VPN tunnel you can easily identify which particular traffic should go through, and segragate your internet traffic with the VPN traffic.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks,
Varun Rao
Review Cisco Networking for a $25 gift card