06-03-2020 10:33 PM
Hi ,
I would like to configure multiple public ip (same subnet) on outside interface of ASA.
I want to use static NAT for specific purpose.For example i have 8 public IP and I want to use 1 is internet ,1 for VPN ,1 for DMZ server,2 for other SERVERS and all ip want to assign on ASA. i don't want to use sub interface.
So how to assign the multi IP on single interface. I can do on Fortigate firewall and Juniper firewall by using proxy arp.
When i try in ASA i don't know why cannot do . ASA didn't support ?
Please let me know can i assign multiple ip on e0 interface in attachment ?
Solved! Go to Solution.
06-04-2020 01:36 AM
Yes. You define a static NAT, this defines the real IP address, identifies the source/destination interfaces and the mapped public IP address.
Example:-
object network SVR
host 172.16.1.1
nat (INSIDE,OUTSIDE) static 1.2.3.4
HTH
06-04-2020 12:06 AM - edited 06-04-2020 12:12 AM
Hi,
You don't need to assign multiple IP addresses to the outside interface. You just need the static NAT entries, you may need a static route(s) defined on the upstream router (ISP) to route the public IP addresses to the ASA's existing outside interface IP address (if the public IP addresses are on a different network to the IP address assigned to the outside interface).
HTH
06-04-2020 01:23 AM
HI,
Do you mean only NAT is enough ? If i do NAT on my ASA,the outside network automatically know how to go the my public ip which didn't physically assign on physical interface ?
for example - In Juniper firewall ,we need to map public ip list and interface by using proxy arp.
In asa i only see check box only. it will automatically know our outside interface is using those public ip which configure in nat ?
example :
101.101.102.1 static nat->192.168.1.10
101.101.102.2 static nat->192.168.2.10
101.101.102.3 static nat ->192.168.2.10
06-04-2020 01:36 AM
Yes. You define a static NAT, this defines the real IP address, identifies the source/destination interfaces and the mapped public IP address.
Example:-
object network SVR
host 172.16.1.1
nat (INSIDE,OUTSIDE) static 1.2.3.4
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide