First of all, I know the ASA is not a router, but I would still like to know if this is possible.
I have two ASA 5510 in an active-standby cluster, not that I think that the fact that they are clustered will be of any importance here so feel free to think of it as a single 5510.
The internet connection is delivered in a single RJ45 connection. To be able to use it with the cluster there is a simple unmanaged switch connected between the ISP and the ASAs.
I have two subnets with public addresses, for simplicity let's call them 18.104.22.168/24 and 22.214.171.124/24. Default routers are 126.96.36.199 and 188.8.131.52 respectively.
Can I somehow use both these subnets in the ASAs?
I'm currently using the first subnet and use PAT to direct traffic to internal servers.
But if I want to use addresses from the second subnet, won't that mess up the routing, since there is no way I can specify the default router for the second subnet?
I have as of yet not tried anything, I'm just trying to plan ahead and I can't seem to wrap my head around how this could possibly be done.
This can be done using proxy-arp, but that depends on the version you are running.
What version are you running?
Great, so Proxy-arp is supported on that version.
So let's say your outside interface network is 184.108.40.206/24 and you also bought a 220.127.116.11/24 network subnet and you would like to use it.
Well you can, just by creating nat rules so your ASA will respond to packets going to 18.104.22.168/24.
Do you copy me?
Remember to rate all of the helpful posts (if you need some assistance trying to understand how to rate posts just let me know).
I will have to read up on proxy arp then. Thank you.
But the thing I still can't figure out is how to get the routing correct.
Let's say I use 22.214.171.124 on the external interface of the ASA.
That means the default gateway of the ASA should be set to 126.96.36.199.
I also pick up 188.8.131.52 and PAT that to an internal server.
No problems so far, everything will work.
Now, let's say I pick up 184.108.40.206 and forward some ports to another internal server.
Now the traffic coming out from this server should go to the gateway 220.127.116.11.
How do I accomplish that?
AFAIK, the ASA is not able to do any kind of policy-based or source-based routing.
Correct, that is why we need to use Proxy arp.
There will not be a DG for the 18.104.22.168 subnet. The modem with the IP address 22.214.171.124 needs to know that it needs to forward all the traffic to the 126.96.36.199 subnet to the ASA, this via Proxy ARP.