How can I use two different public IP addresses on my DMZ


Hello everyone out there.

I'm having a hard time getting this problem sorted out.

My network looks something like this:

INTERNET»»ROUTER»»ASA FIREWALL»»»INTERNAL NETWORK

The problem is that right now we are using a public IP range, for instance 50.224.157.105/29, which we are using on the router, the ASA, and for two servers on the DMZ.

But now the thing is, those blocks of public IPs are finished... and then we implemented some other services, so we will have a web server on the same DMZ that will need to be accessed from outside, I mean by users on the internet as well as internal users.

So how can I do this configuration for those new servers on the DMZ, so they can be accessed by outside users, but still have the same gateway as the other servers, which is a public IP in the 50 range?

Remember that the new servers will have their public IPs in a block of 197.200.4.1/29, for instance.

Can anyone help me with how to do that in the real world? I mean practically, on the appliance?

What type of protocol should I use?

Do I use PAT for port redirection? Or a subinterface? Or should I use static NAT? And how do I configure them?

Please help

Thank you so much

Jorge

1 Comment
Cisco Employee

Jorge,

I think there are a few key pieces of information missing. I will make the assumption that the current IP range is either being NATted or PATted to private IP addresses on the DMZ.

There are probably a few ways to do this. I think the easiest would be to simply use static NAT on the ASA for the new Web servers using the new IP address range. The DMZ web servers can share the same IP address range as the current DMZ servers. This takes care of the problem of Default Gateway.

Once the static NAT is created for the Web server using the new IP address range, the ASA will start to respond to ARP requests for that IP address being NATted.

Finally, create a static route on the internet router for 197.x.x.x/29 and point it to the outside interface of the ASA.
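
The approach described in the reply above, sketched as an added example that is not part of the original thread and is not taken from anyone's running configuration. It assumes ASA 8.3 or later (object NAT syntax), interfaces named `outside` and `dmz`, a constructed private DMZ address of 192.168.10.20 for the new web server, HTTPS as the only published service, and `<ASA_OUTSIDE_IP>` as a placeholder for the ASA's existing outside address.

```cisco
! ===== ASA =====
! Static NAT for the new web server. The "service" keywords limit the
! translation to TCP/443, so only the web port is published on the new
! public address rather than the whole host.
object network DMZ-WEB1
 host 192.168.10.20
 nat (dmz,outside) static 197.200.4.2 service tcp 443 443

! On 8.3+ the outside ACL matches the REAL (DMZ) address, not the mapped
! public one. If an ACL is already bound to the outside interface for the
! existing DMZ servers, add this permit line to that ACL instead of
! binding a new one (OUTSIDE_IN is a hypothetical name).
access-list OUTSIDE_IN extended permit tcp any object DMZ-WEB1 eq 443
access-group OUTSIDE_IN in interface outside

! ===== Internet router (IOS) =====
! Send the whole new /29 to the ASA's outside interface address.
ip route 197.200.4.0 255.255.255.248 <ASA_OUTSIDE_IP>

! ===== Checks to run on the ASA after the change =====
! show nat detail
!   -> the DMZ-WEB1 rule should appear and its hit counters should rise
! show xlate
!   -> a static entry from dmz:192.168.10.20 to outside:197.200.4.2
! packet-tracer input outside tcp 203.0.113.10 40000 197.200.4.2 443
!   -> expect an UN-NAT phase to 192.168.10.20 and a final result of ALLOW
!      (203.0.113.10 is a constructed test source address)
```

Because the web server keeps a DMZ address in the same subnet as the existing servers, its default gateway does not change; only the ASA and the internet router know about the 197.200.4.0/29 block.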