12-08-2014 07:26 AM - edited 03-11-2019 10:11 PM
Hey everyone,
I need some assistance on the requirement below. Today we have only one internet circuit connected to our external firewall, where we use a /26 public IP range for all external traffic. Now we have obtained our own subnet (/24) from ARIN and would like to configure it on the firewall/internet router for all external services. Is my approach right for configuring our own subnet on the firewall?
1. Create a dedicated interface on the Cisco ASA firewall for the new public pool; if there is no free interface, then a virtual interface should also be fine.
2. Make sure there is an appropriate route towards the Internet router (or create a default route towards the OUTSIDE interface).
3. Speak to the Internet service provider, explain that you are planning to use this specific public IP range on your network, and ask them to advertise it in BGP with the proper prefix.
4. Implement one external static NAT and make sure everything works as expected.
Thanks in advance Network Experts!!!
Regards
VGS
12-08-2014 11:50 AM
You have the basics, but I do have a couple of comments / questions.
1. What ASA are you running? If you do not have a free interface and plan to create subinterfaces, you will need to remove the configuration of one of the interfaces, then create the subinterfaces, and then re-apply the configuration you removed to one of the subinterfaces. So, why not just overwrite the existing external interface? Also, keep in mind that the ASA does not support two default routes (though I have heard some rumours that this might be added in the 9.3 release, but I have not had this confirmed).
4. You don't really say what you are going to use this new setup for, but if you are using it for internet access then adding just a static NAT will not be enough; you will also need a dynamic NAT.
--
Please remember to select a correct answer and rate helpful posts
12-08-2014 12:12 PM
Thanks for your response Marius!!!
I've a Cisco ASA 5525 series with IOS 8.6(1)7 running currently. I'm planning to implement various external access, including HTTPS and FTP access, using static NAT towards the external world. I've a default route today towards my internet router. As I'm going to work with my ISP to publish my own public pool in their BGP routing table, what else do I need to change on my firewall/Internet router?
12-08-2014 11:15 PM
You would also need access lists on the external interfaces which permit the required traffic. Other than that, you have what you need to implement what you want.
--
Please remember to select a correct answer and rate helpful posts
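The pieces the replies above list (a subinterface for the new /24, a single default route, a static NAT for each published server, a dynamic PAT for outbound traffic, and an inbound access list on the outside interface) fit together as follows. This is an added illustration, not configuration posted by either participant or taken from the original thread; it uses post-8.3 object NAT syntax, which applies to the 8.6(1)7 release mentioned. Every address, interface, VLAN and object name is a constructed placeholder: 203.0.113.0/24 stands in for the ARIN /24, 10.1.0.0/16 for the inside network, and 10.1.1.10 for an internal web/FTP host.

```cisco
! Constructed example - adjust interface, VLAN and addresses to your environment.
! Subinterface carrying the new /24 (only needed if the existing outside interface is not reused)
interface GigabitEthernet0/0.24
 vlan 24
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
! One default route only; the ASA will not accept a second one on a different interface.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! Static NAT: publish the internal server on one address from the new pool
object network web-server
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10
!
! Dynamic PAT: outbound internet access for the rest of the inside network
object network inside-net
 subnet 10.1.0.0 255.255.0.0
 nat (inside,outside) dynamic interface
!
! Inbound ACL: post-8.3 ACLs match the real (pre-NAT) address, so reference the object.
! Permit only the published services; everything else is dropped by the implicit deny.
access-list OUTSIDE_IN extended permit tcp any object web-server eq https
access-list OUTSIDE_IN extended permit tcp any object web-server eq ftp
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

Two points worth checking after applying something like this: `show nat` confirms the static entry is hit in the expected order, and `show access-list OUTSIDE_IN` shows hit counts per line, so an unexpected zero on the HTTPS line points at routing or the ISP advertisement rather than the firewall. FTP in active mode depends on the `inspect ftp` line present in the default global policy; if that policy was removed, the data channel will fail even though the ACL above permits port 21.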