Showing results for 
Search instead for 
Did you mean: 


Combination of PUBLIC and LOCAL IP within one ASA 5510.


We have a ASA5510 for our LAB, connected to SDSL Modem using PPPOE.

While we needed multiple public IP address, we asked DSL service provider to provide a block of 8 IP which 5 public is usable.

We configured ASA5510 like this:

Int0 – outside connected to modem

Int1 – inside connected to internal switch

IP Route is managed by configuring PPPOE within ASA


Our inside has IP

Our outside has IP


Obviously, we could use any of the static public IP address within range /29 connected to internal interface int1 which they are all consider behind Firewall and we could manage to open port or services to any. (e.g. if we connect application mail server to one static IP facing inside network like, we could manage to open SMTP ports in/out and or SSH to trusted IP)


What we need now is to have another range of internal IP address (i.e. class C like in 3rd interface ASA (int2) and they have routed to one of the public IP within int1 (inside).


For instant, we want to have routed to and also have an opportunity to do apply firewall rules and NATing from external to internal (i.e. assume we set web-server on IP, we like to open port HTTP and HTTPS to public while external IP would be


Clearly this is possible by adding another router – but we want to use same ASA5510 for both of these requirements.

If anyone done this before or have some solution, we would apricated the help and feedback.


Mohammed al Baqari
VIP Advisor

Easiest way to move your ASA to multi-context and set one context for
inside and one for DMZ. Otherwise if your switch is L3, you can use its
routing capability.
Content for Community-Ad