Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
1
Replies

Second public IP on ASA 5512-x

gilbert.van.hemert
Level 1
Level 1

‎10-24-2013 05:10 AM - edited ‎03-11-2019 07:55 PM

We use a Cisco ASA 5512-x and have an external IP block from *.*.*.40 to *.*.*.46. The internet connection is delivered on a next hop .50 where the ASA routes the traffic.

At the moment we have a Polycom HDX wich uses the .42 IP adress and we installed an Exchange and Lync server. We want to use a new public IP (.43) for these servers with ports 25, 80, 444 and 5061.

The .42 IP address is being picked up by a Netgear router with port forwarding to the Polycom. We only use this for some guest accounts wifi. My servers use this internal IP address of the Netgear (192.168.2.254) for its internet connection. The situation:

ISP --> ASA --> Netgear --> Polycom HDX

The Netgear is connected to the ASA with the WAN port.

When I want to use the .43 public IP address for my Lync server how do I configure it? Do I need to connect it directly to a port on the ASA or do I need to give the server an extra IP address on it's network adapter (or just a second adapter)? Or can I connect my server to my switch (connected to my Netgear router) and use it that way?

Thank you in advance.                

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎10-24-2013 05:24 AM

Hi,

I am not sure why there is another NAT device behind the ASA and why the servers are behind this NAT device?

I assume that in your setup the ASA doesnt see the actual IP address of the server directly?

If you can spare a public IP address for only this server by doing Static NAT then I would configure

object network SERVER

host

nat (sourceint,destinationint) static

And create ACL rules to allow the ports required.

But to be honest seems to me that you would need NAT configurations on the Netgear also?

Best situation would be to have the server so that the ASA can "see"/reach its local IP address directly and configure Static NAT for that local IP address.

Can you clarify the situation a bit. You are talking about a server but are also talking about Polycom which doesnt have anything to do with this server and its NAT configurations?

It might help to see your ASA configurations (without any actual public IP address information)

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card