Can one ASA5508x firewall multiple Public IP Addresses?

VidestraLLC
Level 1

I'm working with an installation with a single cable modem and 4 Public IP Addresses. Customer wants to put in a single ASA5508x to act as a firewall to 4 video encoders so that each encoder gets its own IP Address. We would like each encoder to be accessed on each of the 4 public addresses and port forward (for a little bit more security) to a local address for each encoder. Is this at all feasible with one ASA5508?

To be clear we see it like this...

 

Cable Modem ->  [Public IP1]:42554 to [Private IP1]:554
                [Public IP2]:42554 to [Private IP2]:554
                [Public IP3]:42554 to [Private IP3]:554
                [Public IP4]:42554 to [Private IP4]:554

 

We would also like to do IP filtering on the public side to harden the connection.

From what I can tell so far - it looks like we would actually need 4 ASA5508-x to accomplish this...

Accepted Solutions

If the ISP provides four IPs on a single connection, then you can use them on a single ASA. Just think about a customer with a /24 network from the ISP. They don't operate 250 firewalls ... ;-)

You only need NAT as mentioned in your example and some Access-control to restrict who can access the system.


Doh! Yup - that does explain it clearly and concisely! Thanks!

Marvin Rhoads
Hall of Fame

As long as you have all of the public IPs assigned to you and they're in the same netblock then, yes, you can do that with a single ASA.

Dennis Mink
VIP Alumni

I support customers that have a /24 public range. On the FW, the outside interface has 1 public IP out of that range, and the other IPs are just NATs. This way the FW will pretend it has the full /24. You would need to put a static route to point to your FW outside IP address for the full /24.

Please remember to rate useful posts, by clicking on the stars below.
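
The NAT plus access-control setup described in the thread could look like the following on an ASA running 8.3 or later. This is an added example, not configuration posted by anyone in the thread; the interface names, object names and every address (documentation ranges) are assumptions, including the assumption that the outside interface itself holds one of the four public IPs.

```cisco
! Added example, not from the thread. All names and addresses are assumed.
! Assumed: outside interface = 203.0.113.10, and 203.0.113.11-.13 are the
! other three ISP-assigned addresses in the same subnet.

! One object per encoder: real (private) host plus static PAT
! public:42554 -> private:554
object network ENCODER1
 host 192.168.10.11
 ! the interface's own public IP is referenced with the "interface" keyword
 nat (inside,outside) static interface service tcp 554 42554
object network ENCODER2
 host 192.168.10.12
 nat (inside,outside) static 203.0.113.11 service tcp 554 42554
object network ENCODER3
 host 192.168.10.13
 nat (inside,outside) static 203.0.113.12 service tcp 554 42554
object network ENCODER4
 host 192.168.10.14
 nat (inside,outside) static 203.0.113.13 service tcp 554 42554

! IP filtering on the public side: only these sources may reach the encoders
object-group network ALLOWED_VIEWERS
 network-object host 198.51.100.25
 network-object 198.51.100.64 255.255.255.192

object-group network ENCODERS
 network-object object ENCODER1
 network-object object ENCODER2
 network-object object ENCODER3
 network-object object ENCODER4

! Since 8.3 the interface ACL matches the REAL address and REAL port
! (private IP, tcp/554), not the public IP and port 42554.
access-list OUTSIDE_IN extended permit tcp object-group ALLOWED_VIEWERS object-group ENCODERS eq 554
! explicit deny so that blocked attempts are logged
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

To confirm a mapping and the ACL together, `packet-tracer input outside tcp 198.51.100.25 50000 203.0.113.11 42554` should show the un-NAT to 192.168.10.12/554 and an allow result, while the same command from a source outside `ALLOWED_VIEWERS` should end in a drop.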
