cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
310
Views
0
Helpful
3
Replies

ASA 5510: Multi Public IP

Nicolas Coppee
Level 1
Level 1

Hi,

For my company, i must using most of 1 public ip address.

My FAI (Proximus in Belgium) has routed 4 IPs into my outside network (behind the FAI router).

 

Each ip address has into the same subnet.

How can i add most of 1 ip address on my outside interface?

I've thinking multi context using but i need build VPN L2L and SSL...


Thank you in advance.

1 Accepted Solution

Accepted Solutions

Is It possible of nat a port from a public ip address if isn't the address of the public interface?

Yes it is.

You simply configure your NAT statements on the firewall, no need for those public IPs to be assigned to a physical interface.

If the IPs are from the same subnet as your outside interface IP and you have configured static NAT statements with these IPs then when the ISP requests the mac address for any of these IPs your firewall will respond with it's outside interface mac address so that the packets are sent to it.

Jon

View solution in original post

3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

Nicolas

You don't need to assign the other public IPs to your outside interface.

As long as your ISP routes traffic for those IPs to your outside interface which you say they are doing then you can use the IPs in your NAT statements on the firewall and it will work.

They don't need to be assigned to a physical interface.

For VPN and SSL you would use the outside interface IP of your firewall not any of the spare public IPs.

Jon

 

Thanks you Jon for your answer.

But, that's will work for outside.

I need using multi public ip for expose 4 http server on port 443 and 80.

 

Is It possible of nat a port from a public ip address if isn't the address of the public interface?

Is It possible of nat a port from a public ip address if isn't the address of the public interface?

Yes it is.

You simply configure your NAT statements on the firewall, no need for those public IPs to be assigned to a physical interface.

If the IPs are from the same subnet as your outside interface IP and you have configured static NAT statements with these IPs then when the ISP requests the mac address for any of these IPs your firewall will respond with it's outside interface mac address so that the packets are sent to it.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: