Solved: -- asa5510, set of public ip

scalacisco · ‎07-25-2008

Hi all,

Today, my ASA5510 outside interface have the ISP IP (from DHCP aaa.bbb.50.144).

I do use NAT to access a web server in a DMZ ("static (dmz,outside) interface 172.16.1.80 netmask 255.255.255.255") from the outside interface.

Tomorrow, we will have our own IP x.y.z.36/30, so x.y.z.37 for the ISP facility and x.y.z.38 for our ASA5510.

With also a set of public addresses j.k.l.64/27 to access our web servers on specific addresses like j.k.l.65 > 172.16.a.a, like j.k.l.66 > 172.16.a.b, bla bla bla

My questions are:

A. Will the outside interface have the address x.y.z.38 or one of the j.k.l.64/27 ?

B. If my outside interface have the address x.y.z.38, do i have only to do NAT to tranlate j.k.l.65 > 172.16.a.a, like j.k.l.66 > 172.16.a.b, etc ... to accesse web servers ?

x.y.z.36/30 and j.k.l.64/27 are from different ip classes.

Hope to make myself clear,

Thank you for your recommandation,

Regards,

a.alekseev · ‎07-25-2008

by the way you can use all ip addresses including network and broadcast.

j.k.l.64 and j.k.l.95

View solution in original post

a.alekseev · ‎07-25-2008

you shoud have outside interface with x.y.z.38 and default gateway x.y.z.37.

Yout ISP will have a route for j.k.l.64/27 pointing to your ASA outside interface (x.y.z.38)

on ASA you can only do NAT to tranlate j.k.l.65 > 172.16.a.a, like j.k.l.66 > 172.16.a.b, etc ...

a.alekseev · ‎07-25-2008

by the way you can use all ip addresses including network and broadcast.

j.k.l.64 and j.k.l.95

scalacisco · ‎07-25-2008

Good news, i did not know, i thought i had to exclude them because of network and broadcast.

I will test all of it as soon as i will have those IP. But in theory, everything should work :-)

Thanks for your help,