Philip Hayes
Beginner

Assigning public IPs to an ASA connected to a Hitron CGNV4-FX4

Hi There,
I hope someone can help me here. I have an ASA-5510 (9.1) connected to a Hitron CGNV4-FX4 4 Port DOCSIS 3.0 eMTA Router from Virgin Business. I can route workstation traffic without any problems.

object network LAN_WAN
  nat (LAN,WAN) dynamic interface

route WAN 0.0.0.0 0.0.0.0 xx.xx.xx.81 1

Lots of people seemed to be having problems with Virgin Business trying to configure their routers to use their additional public IPs. I found a term people are using: "WAN IP Alias".
I found if I configure any of the public IPs on the ASA WAN physical interface they work, but if I use NAT they don't work and I am not sure why, what I am missing or doing wrong here, and Virgin Business technical support are not very helpful. I was trying to understand the handoff from the Hitron to the ASA. When I run a packet trace in both directions it says all is well. I can also see the servers on the DMZ are trying to communicate via 83, 84 & 85.

I have 8 public IP addresses, xx.xx.xx.80 /29, 5 usable.
xx.xx.xx.81 is the Hitron Router, xx.xx.xx.82 is the WAN interface of the ASA, and xx.xx.xx.83, xx.xx.xx.84, xx.xx.xx.85 are for the DMZ services. Private network DMZ xx.xx.4.xx /28

This is what I used:-

DMZ

SMTP-Server1 = xx.xx.4.2
SMTP-Server2 = xx.xx.4.3
WEB-Server1 = xx.xx.4.4

object network SMTP-Server-1
  nat (DMZ,WAN) static WAN-0_xx.xx.xx.83 net-to-net

access-list WAN_acl extended permit ip any4 object SMTP-Server-1

object network SMTP-Server-2
  nat (DMZ,WAN) static WAN-0_xx.xx.xx.84 net-to-net

access-list WAN_acl extended permit ip any4 object SMTP-Server-2

object network WEB-Server-1
  nat (DMZ,WAN) static WAN-0_xx.xx.xx.85 net-to-net

access-list WAN_acl extended permit ip any4 object WEB-Server-1

I would be very grateful if someone who understands what the Hitron router is doing could help. I am hoping not to have to use a router before the ASA as this will use a public IP.