Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
1
Replies

New Type of Firewall Config (for me)

pjohnson5480
Beginner
Beginner

‎09-19-2012 01:41 PM - edited ‎03-11-2019 04:56 PM

OK - this is a different type of config for me so I am reaching out for  some advise / help.  I manage many cisco asa 5520's and I am in the  process of converting one asa from a block of 30 outside addresses of to  a 50 Meg Cox cable modem with a block of 30 cidr addresses.

Normally  I would just reference an outside address and bingo, things would work  right.  In this case I found out so far that I could only get internet  access through this cable modem by setting up the outside interface of  the asa with dhcp - then it grabbed a public wan address, added a route  to the asa 5520 and then I had internet access out through the cable  modem.

My question / problem / nuance to me is when I reference /  assign  one of our cidr addresses to a device (like a server) and that  is natted from the dmz to the outside address I don't get access to the  device.

I'm thinking I have to do something special to set up  these cidr addresses but having never done this before I am reaching out  for some advise.

my outside dhcp assigned wan address is 70.168.x.1xx with a gateway of 70.168.x.1

The cidr block I have been assigned from the cable company is

184.185.x.x/27

The  cable company also has suggested a default gateway address withing the  cidr block and a first useable and last useable address.

I must say that I usually look to over complicate things by thinking things are more difficult than they really are.

Can  anyone get me pointed in the right direction so I know how to assign  these cidr addresses and have then accessable from the outside???

Thanks in advance

Paul

Labels:
0 Helpful
1 Reply 1

Jouni Forss
Mentor
Mentor

‎09-20-2012 12:08 AM

Hi,

So from what I understand you should have your own public IP address range of /27 usable through your current connection. Yet it only works with setting the ASA outside to use DHCP and doesnt work when you staticly assign an IP address from the /27 address range and set the default route.

If the above is the case I'm kinda wondering why you are even getting IP address with DHCP from the ISP if you are supposed to have your own public address block.

You sure the ISP has its side configured correctly?

- Jouni

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents