New Type of Firewall Config (for me)

OK - this is a different type of config for me so I am reaching out for some advice / help. I manage many Cisco ASA 5520s and I am in the process of converting one ASA from a block of 30 outside addresses of to a 50 Meg Cox cable modem with a block of 30 CIDR addresses.

Normally I would just reference an outside address and bingo, things would work right. In this case I found out so far that I could only get internet access through this cable modem by setting up the outside interface of the ASA with DHCP - then it grabbed a public WAN address, added a route to the ASA 5520 and then I had internet access out through the cable modem.

My question / problem / nuance to me is when I reference / assign one of our CIDR addresses to a device (like a server) and that is NATted from the DMZ to the outside address I don't get access to the device.

I'm thinking I have to do something special to set up these CIDR addresses but having never done this before I am reaching out for some advice.

My outside DHCP-assigned WAN address is 70.168.x.1xx with a gateway of 70.168.x.1

The CIDR block I have been assigned from the cable company is

184.185.x.x/27

The cable company also has suggested a default gateway address within the CIDR block and a first useable and last useable address.

I must say that I usually look to overcomplicate things by thinking things are more difficult than they really are.

Can anyone get me pointed in the right direction so I know how to assign these CIDR addresses and have them accessible from the outside???

Thanks in advance

Paul

1 REPLY

Hi,

So from what I understand you should have your own public IP address range of /27 usable through your current connection. Yet it only works with setting the ASA outside to use DHCP and doesn't work when you statically assign an IP address from the /27 address range and set the default route.

If the above is the case I'm kinda wondering why you are even getting an IP address with DHCP from the ISP if you are supposed to have your own public address block.

You sure the ISP has its side configured correctly?

- Jouni
