Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
341
Views
0
Helpful
2
Replies

ASA 8.4 to 9.2 with discontiguous outside IP address blocks

Steve Bellan
Level 1
Level 1

‎04-15-2016 09:43 AM - edited ‎03-12-2019 12:37 AM

Have a customer that is running 8.4 with discontiguous IP address space on the outside. They are wanting to go to 9.2. The SE they are working with told them that discontiguous IP blocks on the outside are no longer supported in 9.2. It looks like this is corrected with the "arp permit-nonconnected" command. Anyone else hear of this?

Labels:
0 Helpful
2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

‎04-15-2016 12:21 PM

Hi Steve-

The SE is correct and 'arp permit-nonconnected' resolves the issue of having public IP's that are not directly connected.

HTH.

0 Helpful

Karsten Iwen
VIP
VIP

‎04-17-2016 02:50 AM

Here is the link to the command-reference:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/a3.html#pgfId-1837762

If the additional address space is only used on the ASA, then consider to let the provider route the additional subnets to the ASA instead of using them as additional secondary networks. That way you can keep the (new) default behavior of the ASA.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card