10-04-2013 08:49 AM - edited 03-11-2019 07:47 PM
Forgive me if this question has been asked in other forms before but I have not been able to find a recent answer.
Does the Cisco ASA platform support /31 RFC 3021 addressing on it's interfaces in any of the latest versions of code. We work regularily with a service provider who's default offering is /31 addressing for public addresses and we always have to request at least a /30 address space for the ASA to work with.
It would be really useful to allocate a /31 address to the ASA interface.
As a secondary question linked to this - My understanding is as follows:-
1. For the ASA to terminate VPNs, the public IP address must be the actual outside interface address on the ASA terminating the VPNs.
2. All other firewall activities handling traffic via NAT could use an RFC1918 address on the outside interface with the SP provided public address just configured as NAT address/object NAT.
Are items 1 and 2 above correct statements ?
Thanks is advance for any replies and forgive me if these are rather basic questions.
Regards,
Robert
10-04-2013 09:00 AM
Hi,
Seems to me that the ASA doesnt support /31 mask subnets. I can't remember I would ever even tried using these on ASAs but I have used them on Cisco routers.
This is the result from my own home ASA5505 9.0(2)
ASA(config)# interface vlan 20
ASA(config-if)# ip add 10.0.255.1 255.255.255.254
ERROR: /31 mask is not allowed
As to your 2 other questions,
1.) For VPNs you will have to use the IP address configured on the ASA interface.
2.) You can use the IP address configured on the ASA interface as the Dynamic PAT IP address for all your internal networks. You can naturally also have additional public subnets (if the ISP provides you those) on that same external interface where the current link network is if you need additional NAT IP addresses.
- Jouni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide