ASA BGP & NAT

tahscolony · ‎02-15-2016

Quick question, so hopefully easy answer. If I have a single link to a provider that has a /31 IP, can I assign that IP to the outside interface, setup BGP peering with the other IP of the /31 and then Dynamic NAT traffic going out that interface? Also what model and version software would support it?

Philip D'Ath · ‎02-15-2016

To the best of my knowledge, ASA's do not support /31's. You'll need to get a /30.

If you only have a /30 (or a /31) and no other public address space then I don't understand why you would want to use BGP. You have no routes to advertise to your ISP.

tahscolony · ‎02-16-2016

It's a Public/Private setup for a Cloud service. We would receive all their public routes over a tunnel. It's through a direct connection, not over the open Internet, but would have a VPN over the open internet as a backup, again using BGP, their routes would be redistributed into our OSPF at that point. Since we don't own Public space, we would have to NAT back to them using the /31 IP they provide. Looks like we will need to do this on the router then.

Philip D'Ath · ‎02-16-2016

If you can only get a /31 then it has to be a router.

If you can get /30 then you could probably do it on an ASA - but my first choice would be a router.

tahscolony · ‎02-16-2016

Yep, going to terminate them on an ASR 1K instead.