05-13-2006 06:40 PM - edited 02-21-2020 12:53 AM
I have two IP ranges coming from one provider over 1 T1, both are /29's. I've recently purchased an ASA 5510 to protect the office, but can't seem to make use of the second range of IPs. I'm connecting to a Cisco 2500 router and it all works fine with no firewall.
I have the second IP of the first range as eth0/0 and the second IP of the second range as eth0/0.1.
I'm sure it has something to do with routing, but I don't know how to specify the "next hop" as I do with the router in the policy route.
I'm at my wits' end and fear that this firewall doesn't have the capabilities I was told it did (by the salesman of course).
Thanks,
Steve
05-13-2006 08:53 PM
Hi, if I understood your scenario, you have 2 public ranges, right? And I believe you want to use them on the ASA, right?
Is the ASA going to replace the 2500 router?
Can you put together a quick network diagram so I can understand what you are trying to achieve?
05-14-2006 05:22 AM
Yes, two ranges and want to use them both on the ASA. I intended to leave the 2500 in place as I don't have a T1 card for the ASA.
I've thrown together a quick network diagram of how it "should" work. Just to reiterate the original post though:
From the outside, I can ping the router just fine, but I can only ping the xxx.xxx.239.58 interface; this is because I have a default route on the ASA of xxx.xxx.239.57. There's no route for the xxx.xxx.237.0/29 network on the firewall (although oddly, the router can't seem to ping the xxx.xxx.237.2 interface even though they're on the same network).
The ASA is configured such that Eth0/0 is xxx.xxx.239.58/29 and Eth0/0.1 is xxx.xxx.237.2/29.
Thanks for any help!
05-15-2006 11:15 AM
Am I to believe that this device cannot handle more than 1 IP range? If anyone could answer before my time is up to return this unit I'd greatly appreciate it.
Thanks,
Steve
05-15-2006 11:09 PM
Your diagram does not look right. Are you able to provide the config of the 2500 router and the ASA?
You have been given 2 public ranges, so:
1.- you can configure one public range for connecting the ASA to the router ( I believe you have used x.x.239.56/29 segment ).
2.- The other range can be used as a DMZ on the ASA. You can allocate an IP address to one of its interfaces on this range ( I believe you have used x.x.237.2/29 ).
3.- You can't have x.x.237.1 on the router and x.x.237.2 on the ASA. You need to remove this from the router.
4.- You can use a third interface on the ASA for connecting your internal users.
5.- The ASA will be protecting your internal users in that way.
6.- You also need to make sure your ASA has a default gateway pointing to the router.
7.- You need to make sure the router has a static route for x.x.237.0/29 pointing to the ASA.
I hope it helps. Please rate it if it does!
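The checks in points 3, 6 and 7 of the reply above, written as a small consistency audit. This is an added example, not code or configuration from any poster in the thread; the addresses are constructed from documentation ranges and the function and finding names are hypothetical.

```python
import ipaddress as ipa

def audit(router_ifaces, router_routes, asa_ifaces, asa_default_gw):
    """Check a router + ASA pair against points 3, 6 and 7 of the reply above.

    Returns a list of (asa_interface, finding) tuples; empty means consistent.
    Pass only the ASA interfaces that carry public ranges.
    """
    r_if = [ipa.ip_interface(i) for i in router_ifaces]
    a_if = {name: ipa.ip_interface(i) for name, i in asa_ifaces.items()}
    routes = [(ipa.ip_network(n), ipa.ip_address(h)) for n, h in router_routes]
    gw = ipa.ip_address(asa_default_gw)

    # Point 6: the ASA default gateway must be a router address on a segment
    # the ASA is directly attached to (the transit /29).
    transit = [i for i in a_if.values() if gw in i.network]
    if not transit or all(r.ip != gw for r in r_if):
        return [("default-route", "bad-gateway")]
    asa_transit_ip = transit[0].ip

    findings = []
    for name, iface in a_if.items():
        if gw in iface.network:
            continue  # transit segment is meant to be shared by both devices
        # Point 3: the router must not also sit inside this range.
        if any(r.network.overlaps(iface.network) for r in r_if):
            findings.append((name, "overlap"))
        # Point 7: the router needs a static route for the range via the ASA.
        if (iface.network, asa_transit_ip) not in routes:
            findings.append((name, "no-route"))
    return findings

# Constructed addresses (RFC 5737 documentation ranges), not the poster's.
AS_POSTED = dict(
    router_ifaces=["198.51.100.57/29", "203.0.113.1/29"],
    router_routes=[],
    asa_ifaces={"Ethernet0/0": "198.51.100.58/29", "Ethernet0/0.1": "203.0.113.2/29"},
    asa_default_gw="198.51.100.57",
)
AS_ADVISED = dict(AS_POSTED, router_ifaces=["198.51.100.57/29"],
                  router_routes=[("203.0.113.0/29", "198.51.100.58")])

if __name__ == "__main__":
    print("as posted: ", audit(**AS_POSTED))
    print("as advised:", audit(**AS_ADVISED))
```

An interface on a private, NATed range would be reported as `no-route` if passed in, which is why only the public-range interfaces are given to the function.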