05-29-2017 04:18 PM - edited 03-12-2019 02:26 AM
I have an ASA 5506 which currently has an outside interface configured with one of our external IP's, let's just call it: 192.168.0.10/24
I want to configure another interface for our DMZ, using another one of our external IP's, say: 192.168.0.11/24
Well, I'm getting an error about overlap, so I'm assuming something I'm doing is fundamentally wrong (which is fine I'm new to this).
Can someone explain how you would normally configure this, that is to have the "outside" interface and "DMZ" interface both have their own unique external IP's (from the same block)?
Solved! Go to Solution.
05-29-2017 04:57 PM
You can't use the same subnet on different interfaces. If you want public IP address space in your DMZ, then you'll need to ask your ISP for an extra block and to route that via the IP address you have assigned to your ASA.
Otherwise you'll need to use a private IP address block on your DMZ and to NAT through to those IP addresses.
05-29-2017 04:57 PM
You can't use the same subnet on different interfaces. If you want public IP address space in your DMZ, then you'll need to ask your ISP for an extra block and to route that via the IP address you have assigned to your ASA.
Otherwise you'll need to use a private IP address block on your DMZ and to NAT through to those IP addresses.
05-29-2017 06:09 PM
Ok thanks, that's exactly what I needed to know (and makes sense now that I think about it).
05-29-2017 06:33 PM
I dont quite understand what you are doing, if you have a public address range as you say call it
192.168.0.0/24, then say inside is 10.0.0.0/24 and DMZ is 172.16.0.0/24, then you can nat devices on both networks to the public address space
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide