Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2268
Views
0
Helpful
3
Replies

Pass Public IP through ASA5505

Go to solution
david_mundt
Level 1
Level 1

‎11-26-2019 09:01 AM - edited ‎02-21-2020 09:43 AM

I've got a client with an old ASA5505 (Cisco Adaptive Security Appliance Software Version 8.4(4) Device Manager Version 6.4(9) and they have 5 public IPs. I've natted one of the public IPs to the inside address of a SimpleWAN firewall. The SimpleWAN errors out when it sees the natted traffic so if it is possible I'd like to assign one of my public IPs to the SimpleWAN and allow all that traffic to pass through the ASA.

 

Is this config possible? Thank you in advance for your assistance. 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to david_mundt

‎11-26-2019 03:07 PM

What I meant was acquire another public IP subnet and route that through the ASA, as you can't route the spare IP address of a network defined on the outside of the ASA to the inside of the ASA.

Alternatively if you say the SimpleWAN device is a firewall, move it's outside interface to the outside of the ASA, by plugging the router, ASA and SimpleWAN device into a layer 2 switch. This does mean the SimpleWAN firewall will not be behind the ASA, but that's all you can do without acquiring another public IP range.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎11-26-2019 01:48 PM

Hi,
You get an IP subnet from your ISP and just route through to the SimpleWAN device.
HTH
0 Helpful

Go to solution
david_mundt
Level 1
Level 1
In response to Rob Ingram

‎11-26-2019 02:57 PM

This is precisely what I want to do. My question is I've only got 1 block of 5, 4 of which are being used on my ASA. I want to know if I can assign the simple wan interface the remaining IP and route to it through an interface on the ASA.
0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to david_mundt

‎11-26-2019 03:07 PM

What I meant was acquire another public IP subnet and route that through the ASA, as you can't route the spare IP address of a network defined on the outside of the ASA to the inside of the ASA.

Alternatively if you say the SimpleWAN device is a firewall, move it's outside interface to the outside of the ASA, by plugging the router, ASA and SimpleWAN device into a layer 2 switch. This does mean the SimpleWAN firewall will not be behind the ASA, but that's all you can do without acquiring another public IP range.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card