Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
675
Views
0
Helpful
5
Replies

Multiple private subnets to multiple public IP - ASA 5508-X

Go to solution
Naoum_George
Level 1
Level 1

‎06-29-2018 05:33 AM - edited ‎02-21-2020 07:56 AM

Hello,

I am planning to replace 2 microtick routers with an ASA 5508-X.

I have different subnets in my lan 172.16.10.0/24, 172.16.20.0/24 up to 172.16.60.0/24. Also I have a range of public IP from ISP with x.x.x.x/28.

I want each sub net to get out to internet with a different public IP from the ones I have. 

Can it be done? How.

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to Naoum_George

‎06-29-2018 01:45 PM

If the outside interface ip address is 1.1.1.2, then effectively those 2 nat examples achieve the same result, outbound traffic from the defined subnet would be natted on the address 1.1.1.2.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Rob Ingram
VIP
VIP

‎06-29-2018 05:57 AM

Hi,

Assuming your internal interface leading to your LAN is called INSIDE and your interface leading to the internet is called OUTSIDE, the configuration below should work. If you name the interfaces differently, you'd need to change the nat syntax accordingly.


object network NET_172.16.10.0
 subnet 172.16.10.0 255.255.255.0
 nat (INSIDE,OUTSIDE) static 1.1.1.2
 
object network NET_172.16.20.0
 subnet 172.16.20.0 255.255.255.0
 nat (INSIDE,OUTSIDE) static 1.1.1.3

object network NET_172.16.60.0
 subnet 172.16.60.0 255.255.255.0
 nat (INSIDE,OUTSIDE) static 1.1.1.4

 

interface GigabitEthernet0/0
 nameif OUTSIDE
 security-level 0
 ip address 1.1.1.1 255.255.255.0

 

interface GigabitEthernet0/1
 nameif INSIDE
 security-level 100
 ip address 172.16.0.1 255.255.255.0

 

HTH

0 Helpful

Go to solution
Naoum_George
Level 1
Level 1
In response to Rob Ingram

‎06-29-2018 01:19 PM

I was using the following command so that the specific subnet on the inside interface to have access to the internet using the IP of the outside interface. What is the difference?

 

object network Inside-Subnet
 nat (Inside,Outside) dynamic interface

Thank you.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Naoum_George

‎06-29-2018 01:25 PM

All subnets you defined in the object "Inside-Subnet" will be natted behind the ip address of the outside interface. Which is not what you initially said you wanted.
0 Helpful

Go to solution
Naoum_George
Level 1
Level 1
In response to Rob Ingram

‎06-29-2018 01:40 PM

I am sorry, I did not expressed myself correctly in my reply. If IP of outside interface is 1.1.1.2 , and inside-subnet is 172.16.10.0 255.255.255.0, what is the difference of the two commands? Will both sub nets be natted behind the same IP? The second command is used when we want to nat a subnet behind an IP that is part of the range that the outside interface also belongs?

 

object network Inside-Subnet
 nat (Inside,Outside) dynamic interface

 

object network NET_172.16.10.0
 subnet 172.16.10.0 255.255.255.0
 nat (INSIDE,OUTSIDE) static 1.1.1.2

Thanks

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to Naoum_George

‎06-29-2018 01:45 PM

If the outside interface ip address is 1.1.1.2, then effectively those 2 nat examples achieve the same result, outbound traffic from the defined subnet would be natted on the address 1.1.1.2.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card