cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2957
Views
10
Helpful
3
Replies

Multiple public IP on outside interface for static NAT

MrBeginner
Spotlight
Spotlight

Hi ,

I would like to configure multiple public ip (same subnet) on outside interface of ASA.

I want to use static NAT for specific purpose.For example i have 8 public IP and I want to use 1 is internet ,1 for VPN  ,1 for DMZ server,2 for other SERVERS and all ip want to assign on ASA. i don't want to use sub interface.

So how to assign the multi IP on single interface. I can do on Fortigate firewall and Juniper firewall by using proxy arp.

When i try in ASA  i don't know why cannot do . ASA didn't support ?

Please let me know can i assign multiple ip on e0 interface in attachment ?

1 Accepted Solution

Accepted Solutions

Yes. You define a static NAT, this defines the real IP address, identifies the source/destination interfaces and the mapped public IP address.

 

Example:-

 

object network SVR
host 172.16.1.1
nat (INSIDE,OUTSIDE) static 1.2.3.4

 
HTH

View solution in original post

3 Replies 3

Hi,
You don't need to assign multiple IP addresses to the outside interface. You just need the static NAT entries, you may need a static route(s) defined on the upstream router (ISP) to route the public IP addresses to the ASA's existing outside interface IP address (if the public IP addresses are on a different network to the IP address assigned to the outside interface).

HTH

HI,

Do you mean only NAT is enough ? If i do NAT on my ASA,the outside network automatically know how to go the my public ip which didn't physically assign on physical interface ?

for example - In Juniper firewall ,we need to map public ip list and interface by using proxy arp.

In asa i only see check box only. it will automatically know our outside interface is using those public ip which configure in nat ?

 

example :

101.101.102.1 static nat->192.168.1.10

101.101.102.2 static nat->192.168.2.10

101.101.102.3 static nat ->192.168.2.10

 

Yes. You define a static NAT, this defines the real IP address, identifies the source/destination interfaces and the mapped public IP address.

 

Example:-

 

object network SVR
host 172.16.1.1
nat (INSIDE,OUTSIDE) static 1.2.3.4

 
HTH

Review Cisco Networking for a $25 gift card