Adding Second subnet to Outside interface ASA 5512X 9.2

paulwtownsend
Level 1

Have a client who only had provision for a single IP address on the outside interface. Now they have had another /29 subnet assigned as their needs have increased. The current outside IP has 4 L2L VPNs and 9 DNS entries, so instead of having to rekey all the changes I've tried to use proxy ARP and asked the ISP to route traffic for the new subnet to the public IP on the Outside interface.

interface GigabitEthernet0/0
 nameif OUTSIDE
 security-level 0
 ip address <EXISTING_PUBLIC_IP> 255.255.255.252

interface GigabitEthernet0/1
 nameif INSIDE
 security-level 100
 ip address 10.14.9.1 255.255.255.128

object network DTC-RDP/HTTPS
 host 10.14.9.3
 nat (INSIDE,OUTSIDE) static <FIRST NEW PUBLIC IP>

access-list OUTSIDE_ACCESS_IN extended permit tcp any host 10.14.9.3 eq https

If I hit https://<FIRST NEW PUBLIC IP> I don't get a response from the server. Before I talk to the ISP, have I made a configuration error?

1 Reply

How is the additional subnet configured by the ISP?

  • If they route the network to the ASA-IP, it should work.
  • If the ISP configured the network as a secondary network, then you need the following command on the ASA:
    arp permit-nonconnected

And you can use packet-tracer to check it:

packet-tracer input outside tcp 1.2.3.4 1234 NEW-PUBLIC-IP 443
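The two ISP scenarios from the reply, written out as an added ASA configuration example (not the poster's config and not from the thread). Addresses are placeholders from the documentation ranges: 203.0.113.0/29 stands in for the new ISP-assigned block, 203.0.113.2 for the first usable public IP, and 198.51.100.7 for an arbitrary Internet client used in the packet-tracer check.

```cisco
! Case 1: the ISP routes 203.0.113.0/29 to the ASA's existing OUTSIDE address.
! The upstream router forwards the whole block to the ASA's own IP, so the
! ASA never has to answer ARP for the new addresses and nothing extra is needed.
!
! Case 2: the ISP put 203.0.113.0/29 as a secondary subnet on its own interface
! and ARPs for each address directly. The ASA must then proxy-ARP for addresses
! that are not on its connected /30. This setting is global to the ASA, so keep
! the static NAT objects that depend on it tightly scoped.
arp permit-nonconnected
!
! Common to both cases: publish one inside host on the first new public IP.
object network DTC-HTTPS
 host 10.14.9.3
 nat (INSIDE,OUTSIDE) static 203.0.113.2
!
! Inbound ACL uses the real (untranslated) inside address on ASA 8.3+ code.
access-list OUTSIDE_ACCESS_IN extended permit tcp any host 10.14.9.3 eq https
! The ACL has no effect until it is bound to the interface.
access-group OUTSIDE_ACCESS_IN in interface OUTSIDE
!
! Verify: a simulated inbound SYN to the new public IP should end in ALLOW,
! with the NAT phase showing the translation to 10.14.9.3.
packet-tracer input OUTSIDE tcp 198.51.100.7 1234 203.0.113.2 443
!
! Confirm the translation and the proxy-ARP setting actually in effect.
show nat detail
show running-config arp
```

If packet-tracer reports ALLOW but the client still gets no reply, the packet is not reaching the ASA, which points at the ISP-side handling of the /29 rather than at the ASA configuration.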
