09-09-2011 01:11 PM - edited 03-11-2019 02:23 PM
Is it possible to two or more public IP Addresses bound to a Cisco ASA 5505 running 8.4(2). If so, how?
Thanks in advance for your help with my request.
09-09-2011 01:55 PM
i am not really sure about your question, are you talking about assigning multiple ip's to the outside interface of the ASA, if that is the case, then on the ASA interface you can assign only one public ip, not multiple.
09-11-2011 05:17 PM
Yes, that is what I am talking about. I want to use my Cisco ASA to put a several servers behind the firewall in a DMZ. The outside interface of my Cisco ASA is a public IP address and I want to put several servers which have have public IP addresses in the DMZ behind out firewall. Is this possible?
09-11-2011 06:37 PM
What I know is you cannot assign multiple ip addresses on your asa outside interface or even on you inside and dmz interfaces unless you will be using VLAN but this will result on different network.
If you want to put or publish your server, first you must do is check if your ISP give you a block of IP Add (/28 /29) and you can use this IP Add to map to your dmz servers. Actually, you can use a single ip add to map it to your dmz servers using port mapping.
10-09-2015 11:13 AM
i want to configure two server on Asa 5505 with a different IP public.
i got a range of IP address, and i configure the two server. i'm using the asdm launcher.
10.32.1.220 to ip public 126.96.36.199
10.32.1.221 to ip public 188.8.131.52
want to make the NAT
who can help me,
10-14-2015 06:59 AM
I would recommend the following:
Please, rate helpful answers
02-05-2016 07:06 AM
Group we are looking to do something similar. We currently have a /29 on the public interface. ISP gave us another /28 which we would like to use. The issue we are having is the current IP's 207.10.X.X are mapped to the Outside interface. We would like to use the same interface for the new block in addition. We have created a NetObj 40.131.X.X which we will use for NAT to internal server. How do we get the traffic from the web to hit NAT?
Regards and thanks for any direction.
05-09-2019 11:54 PM
Hi, I have to assigned single private IP address on two interfaces of ASA. Previously we are using L3 VLan but in new IOS we cant configured L3 Vlan.
So could you please let me know if its possible now ?
ASA Model : ASA5516 IOS: 9.8(3)29
09-11-2011 09:01 PM
Yes, if you want to publish several servers behind the firewall, then it is very much possible to nat them on the ASA, lets say you have a block of public ip's from the ISP, then:
static (dmz,outside) 184.108.40.206 10.1.1.1
static (dmz,outside) 220.127.116.11 10.1.1.2
static (dmz,outside) 18.104.22.168 10.1.1.3
static (dmz,outside) 22.214.171.124 10.1.1.4
This is how you do it.
Let me know if you have anymore confusion.
09-12-2011 03:22 AM
Then they would lose their public IP Addresses would they not? If one wanted to keep their public IP addresses in the DMZ is that possible? Is this a limitation of the 5505? And yes the veil of ignorance is slowly being removed and the confusion is subsiding.
Years ago, when using a Netscreen 204, I believe we were able to have 64 IP addresses bound to the outside interface. Then again, maybe it was a routing issue where the ISP's router routing table pointed all of our IP Address to the outside interface of our firewall.
My company is using a 6509 which sits between the ISP's routers and the rest of our networks. Does that matter or change anything?
All the best!
09-12-2011 03:39 AM
Ohhhhhh....I guess I get it, correct me if I am wrong, you want to directly assign public ip on the dmz servers itself, rather than natting the public ip to the private ip on the server, well yes, it is very much possible, but there are two conditions:
1. The public ip range for the dmz server should be totally different subnet than the one that is used for the outside interface.
2. The ISP should route the second subnet of public ip's as well to be routed to your firewall.
So if you're outside interface IP is 126.96.36.199
dmz sgould be a different public ip range 188.8.131.52
This is because you can not assign to public ip's of same range on the two interfaces on ASA.
and then lets say you assign a static ip on a server in dmz as 184.108.40.206
so the config on firewall woudl be
static (dmz,outside) 220.127.116.11 18.104.22.168
and it woudl definitely work for you.
Hope this helps
09-17-2011 03:00 AM
Thank you for taking you time to answer my questions. I ended up natting a public IP address.
09-17-2011 03:03 AM
Hey thanks for getting back to me....glad to you overcame the issue
01-05-2016 07:26 PM
Hope this post could reach you since this thread is 4 years old. So I have 2 public IP segments from my ISP. And I have used all IPs from the first segment and want to utilize the second one. How can I achieved this since ASA can't assign 2 IPs on same interface (outside)? I have tried adding NAT rules using the second IP segment but it doesn't work (my DMZ servers can't be reached from outside).
Please help me out on this.
01-31-2020 09:54 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: