Cisco 5505 Base with 2 x external Networks on different ranges.

fearfas86 · ‎09-08-2014

Hi Guys.

I have a ISP that is providing us with 2 networks 63.xxx.xxx.xxx/29 and 212.xxx.xxx.xxx/29 using a cisco router.
That router is connected to a 5505 with a base license. The setup would be:
0/0 Router to firewall 212.xxx.xxx.xxx
0/1 Firewall to local network switch 0/1 10.2.4.1 .....
Attached to the local network I have a couple of servers that use Nat to get the ext ip address.
For some reason the NAT on the 63.xxx.xxx.xxx network is not working, If I try to create it, the server will loose connectivity with the outside.

If I setup a server with a static ip using the 63 network behind the firewall it wont work (without the NAT that is supposed to be handled by the ISP switch), if i plug it straight to the switch it works .

The only way I have been able to get it working was to setup a secondary 5505 with the 63.xxx.xxx.xxx network and connect it as follows.

ISP RoUTER -- Switch ---2 x Cisco 5505 (connected with a site to site VPN ) one of them with the 63 and the other one with the 212 network.

I have the same config working on 5510 without any problems, might it be a license issue?

Thanks.

Maykol Rojas · ‎09-15-2014

Hello;

On the router, you can put a host route for the IP address 63.x.x.x pointing to the 212 address of the ASA? I believe that is what you are missing.

Configuration example.

ASA nat (inside,outside) source static 10.2.4.2 63.1.1.2

On the router:

ip route 63.1.1.2 255.255.255.255 212.1.1.2 (assuming 1.2 is the firewall)

That would do the trick.

Mike