12-26-2012 01:50 PM - edited 03-11-2019 05:41 PM
I'm something of a routing novice so bear with me...
We have an ASA 5510 and we also have two separate address pools which have been provided by our ISP. The addresses are not contiguous. Is there a way to configure an interface on the ASA to handle both sets of public address pools? If the outside interface is set up on eth0/0 would I create two subinterfaces (eth0/0.1, eth0/0.2) and assign each subinterface an address pool? Then just NAT/PAT to my heart's content? At that point I would want both to route to our inside network. So it's basically two inbound sets of IP addresses coming into one interface and then coming into the network... Right now the outside interface is configured with our first set of IP addresses. We wanted additional addresses and when we called our ISP they told us we already had them - just a different pool. Hence the question. I'm guessing that I wouldn't put anything specific on the outside interface and I would put the specifics on the subinterfaces?
I've never done something like this before - that's why I'm asking the question! Any help/direction would be appreciated!
Thank you!
12-26-2012 02:42 PM
It works. Nothing needed except NAT statements that have the 2nd IP range addresses specified. As long as your ISP routes them to the ASA's outside interface, the ASA is smart enough to NAT them for you.
12-26-2012 02:44 PM
Hi,
You should not create subinterfaces for this purpose. You will only complicate your setup and cause problems.
To be able to use the new public IP address range, it's basically mostly up to the ISP configurations. As long as the ISP has routed the new public subnet towards the ASA outside interface it should be usable. What you do with it is up to you.
You could
All of the above depends on how your network is built. Meaning for example how your link to ISP is configured and what kind of devices you have on your network.
Please rate if the information was helpful and/or ask more questions if the above didn't answer your questions.
- Jouni
12-26-2012 02:47 PM
NAT and ACLs are both needed.
12-27-2012 07:23 AM
Thank you both. I didn't realize that the ASA would be "smart" enough to handle two IP ranges on the same interface. I simply created the access rules and then the nat translations and it worked!
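The setup the replies describe, as an added configuration example that is not from any poster in this thread: one outside interface addressed from the first pool, a static NAT that uses an address from the second pool, and the ACL that permits the published service. It assumes ASA software 8.3 or later (object NAT syntax); all addresses are constructed from documentation ranges, and the object and ACL names are hypothetical.

```cisco
! Added example, assumes ASA 8.3+ object NAT syntax.
! All addresses are constructed (RFC 5737 documentation ranges);
! object and ACL names are hypothetical.
! First pool:  203.0.113.0/29  (the outside interface address comes from here)
! Second pool: 198.51.100.0/29 (routed by the ISP to 203.0.113.2; no subinterface)
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! Static NAT: an inside server published on an address from the second pool
object network WEB-SRV
 host 192.168.10.20
 nat (inside,outside) static 198.51.100.2
!
! Permit only the service being published. On 8.3+ the ACL references
! the real (inside) address of the server, not the translated one.
access-list OUTSIDE-IN extended permit tcp any object WEB-SRV eq 443
access-group OUTSIDE-IN in interface outside
```

`show xlate` and `show access-list OUTSIDE-IN` confirm that the translation exists and that the ACL entry is taking hits.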