ASA5505 connectivity to ISP router with multiple IP addresses in Primary/Secondary format

csco11142276 · ‎06-29-2015

To all experts,

Looking your support.

We on our request are supplied with new public IPv4 address range (Provide Assigned, PA) by our ISP. The ISP have configured new IP range as "Secondary" on their router interface connecting to our outside ASA interface. The ASA outside interface is in VLAN x with IP address belongs to "Primary" IP range and SVI sits on ASA. We are in dilemma now how to configure same ASA outside interface part of VLAN x with "Secondary" IP address range. The new range will be used for Nating for our internal hosts.

We are running 8.4(3) code on our ASA.

Also, alongside Secondary IP address config, is there anything need to be done around ARP config for the ASA outside interface?

Look forward to receive your responses.

Many thanks

Jai

Rishabh Seth · ‎06-30-2015

Hi Jai,

You can configure dynamic or static NAT statement based on your requirement.

In case the secondary IP pool is different than your Primary IP pool then you need to enable

config # arp permit-nonconnected

Let us know in case you have any further issue,

Thanks,

R.Seth

csco11142276 · ‎07-03-2015

Thanks R.Seth,

Do we need to set up a routing set up between ASA and ISP router for the secondary IP subnet? or is it taken care by by primary IP subnet routing?

Cheers

Jai

Vibhor Amrodia · ‎07-04-2015

Hi,

The routing will be taken care of by the ISP end. The only thing required on the ASA device would be the NAT statements.

Thanks and Regards,

Vibhor Amrodia