cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

644
Views
0
Helpful
3
Replies
Highlighted
Beginner

ASA5520 and Public IP Zone

Hello to those interested

I'm trying to setup a zone behind my firewall with complete publicly routeable IP addresses for 3 servers. The reason I'm doing this is I am in the network setup stage of an OCS implementation, and OCS connections don't behave well with NAT.

My device is a ASA5520. I have an internal zone, and a dmz zone. These are done via standard NAT configurations.

My question is this:

Is it possible to setup connectivity to the outside with internal servers that have Public IP's directly on their NIC's? Another little detail of interest is that this ip space is seperate than the one that's on current Outside interface facing our ISP. However we own both address space.

3 REPLIES 3
Highlighted
Enthusiast

Nat the DMZ to itself to the outside. Then so long as the ISP is routing traffic for the second IP space to your firewall or router then you should be good. Not sure what you Internet router setup is like.

Sent from Cisco Technical Support iPhone App

Highlighted

I don't understand thist part

"Nat the DMZ to itself to the outside"...can you give me an example?

Also we have no idea how our ISP router is. We don't have any access to it. I might have to call them to get any details.

Highlighted
Enthusiast

you can do the following:

static (dmz,outside) 1.1.1.0 1.1.1.0 netmask 255.255.255.0

this way anything heading from the DMZ to the outside will be NAT'ed to itself.

As for the ISP portion, you will need to understand how the other IP Address space wil be routed to the firewall. That's all..

Content for Community-Ad