cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1256
Views
10
Helpful
4
Replies

Static IP addresses behind the ASA Firewall

Rolitto
Beginner
Beginner

Hi everyone,

Following up a SOHO network that I am designing, I have an ASA 5505 firewall behind a router, and I need some end devices like the NAS and FTP server to be configured with static IP addresses so that I can access them remotely via DDNS. However, the ASA firewall provides only DHCP IP addresses, and I wonder if there is some sort of a workaround to solve my issue.

Having said that, I have already considered breaking up my LAN in two different subnets, one behind the firewall and another behind the router, but I would prefer if all end devices are behind the firewall though, so any advise is highly-appreciated, thanks in advance.

2 Accepted Solutions

Accepted Solutions

Rob Ingram
VIP Expert VIP Expert
VIP Expert

Hi,
You can manually configure the devices with a static IP address. Just make sure if using the ASA for DHCP, that those IP addresses are not given out. Alternatively DHCP reservations are supported in ASA 9.13 and above

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/release/notes/asarn913.html

https://community.cisco.com/t5/network-security/static-dhcp-ip-to-mac-address-reservation-in-asa/td-p/1005719

 

HTH

View solution in original post

Ideally you should consider upgrading to the latest ASA and ASDM version supported by your hardware, far too many bugs in the older versions. If you upgrade ASDM, ensure you upgrade Java aswell.

Yes, those IP addresses will count towards the limit. The ASA will determine the number of unique IP addresses traversing the firewall from inside.

View solution in original post

4 Replies 4

Rob Ingram
VIP Expert VIP Expert
VIP Expert

Hi,
You can manually configure the devices with a static IP address. Just make sure if using the ASA for DHCP, that those IP addresses are not given out. Alternatively DHCP reservations are supported in ASA 9.13 and above

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/release/notes/asarn913.html

https://community.cisco.com/t5/network-security/static-dhcp-ip-to-mac-address-reservation-in-asa/td-p/1005719

 

HTH

Thanks for pointing out this to me.

I'll assign static IP addresses to the NAS and FTP server as per your advise, while excluding them from the pool of DHCP.

My ASA has IOS version 8.4(2) matched to ASDM version 6.4(5), and I struggled to make things work successfully between ASDM and Java, so I'm afraid upgrading it and messing things up.

Are static IP addresses counted along the number of concurrent IP addresses that the ASA support (10 for my Base License)?

How does the ASA consider counting concurrent IP addresses?

Ideally you should consider upgrading to the latest ASA and ASDM version supported by your hardware, far too many bugs in the older versions. If you upgrade ASDM, ensure you upgrade Java aswell.

Yes, those IP addresses will count towards the limit. The ASA will determine the number of unique IP addresses traversing the firewall from inside.

Ok noted, thanks Rob. I should then reconsider updating the IOS and ASDM versions for the long term. I hope I won't have to deal with Java issues.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers