cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

425
Views
0
Helpful
5
Replies
Highlighted
Beginner

Two public external addresses need to talk to one another

I have two external address that need to talk to each other.

I know this does NOT require a VPN tunnel to do so and NAT is not needed either.

I need to enable access on the outside interface for a public ip>

(public IP that lives on my ASA <------------------------- > needs to talk to another public ip that lives on the outside of my network)

Any help or suggestions would be appreciated!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Two public external addresses need to talk to one another

Hello,

Then it should not reach the ASA at all as it's on the outside interface.

Internal subnet -----ASA----Outside subnet------Switch----ISP Modem-------------- Internet-----Other PC

                                                                      |

                                                                      |

                                                            Outside PC

Communication does not need to flow to the ASA if the ISP modem router or whatever device it's there has the right mac address assignment for Outside PC Ip address,

Clear enough? let me know

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

5 REPLIES 5
Highlighted

Two public external addresses need to talk to one another

Hello Shawn,

So basically a user that is outside the ASA but on the same subnet than the ASA outside interface wants to communicate with a public address that is being used by an internal address via NAT, Rigth?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
Highlighted
Beginner

Two public external addresses need to talk to one another

Well Host B which is not on my network needs to talk to Host A which is on my network.

Both have public ip addresses.

Highlighted

Two public external addresses need to talk to one another

Hello,

Then it should not reach the ASA at all as it's on the outside interface.

Internal subnet -----ASA----Outside subnet------Switch----ISP Modem-------------- Internet-----Other PC

                                                                      |

                                                                      |

                                                            Outside PC

Communication does not need to flow to the ASA if the ISP modem router or whatever device it's there has the right mac address assignment for Outside PC Ip address,

Clear enough? let me know

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Highlighted
Beginner

Two public external addresses need to talk to one another

Figured it out... I added both external ips via an permit acl to the outside interface.

Thanks for replying.

Highlighted

Two public external addresses need to talk to one another

Hello,

Sure, my pleasure,

Please mark the question as answered so future users can learn from this

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC