smurray06
Beginner

ASA 5505 NAT to and from multiple External IPs

I have three external IPs, call them 10.0.0.3-5, from my service provider. I would like to have two internal networks, 192.168.10.x and 192.168.9.x, with my servers on .9.x and my desktops on .10.x. Currently all my servers are still on 10.x, so my configuration is all on that network.

I have PATs and ACLs allowing and directing the traffic to the proper IPs inside. I need to have the internal server reply out the same external IP.

Any help is appreciated.

2 REPLIES
William Benson
Beginner

It looks like, for starters, you need to add a third VLAN to your config. You've got outside 10.x and inside 192.168.10.x, and you want a third network for 192.168.9.x.

The ASA5505 by default supports only two fully functional VLANs with the option to add a third restricted VLAN.

So you'll need something like this setup for starters. This will allow you to set up three different networks on your ASA5505. The outside interface has been restricted so that it is not allowed to initiate traffic with VLAN1.

 

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan3
 nameif Servers
 security-level 90
 ip address 192.168.9.1 255.255.255.0
!
interface Vlan2
 no forward interface Vlan1
 nameif outside
 security-level 0
 ip address 10.0.0.3 255.255.255.248
!

 

I was planning on the 3rd VLAN, but will the lower security level prevent traffic from Vlan3 to Vlan2? Do I just add an access list for 9.x to 10.x?
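
An added example, not part of either poster's reply: a simplified Python model of the ASA's default inter-interface rules, applied to the three interfaces in the configuration above, to show which side may open a new connection. It assumes no access-list is bound to the source interface unless `acl_permits` is set, and it does not model NAT; `can_initiate` and `policy_matrix` are names made up for this sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Interface:
    vlan: str
    nameif: str
    security_level: int
    no_forward_to: Optional[str] = None  # VLAN named by "no forward interface"

# The three interfaces from the configuration posted in this thread.
INTERFACES = {i.nameif: i for i in (
    Interface("Vlan1", "inside", 100),
    Interface("Vlan3", "Servers", 90),
    Interface("Vlan2", "outside", 0, no_forward_to="Vlan1"),
)}

def can_initiate(src: str, dst: str, acl_permits: bool = False):
    """Decide whether a NEW connection from src to dst is allowed.

    acl_permits (assumption of this model): an access-list bound inbound on
    the source interface explicitly permits the flow. Return traffic for an
    established connection is not evaluated; the ASA allows it statefully.
    """
    s, d = INTERFACES[src], INTERFACES[dst]
    if s.no_forward_to == d.vlan:
        # The VLAN-level restriction applies before any access-list.
        return False, "no forward interface"
    if s.security_level > d.security_level:
        return True, "higher to lower: implicit permit"
    if s.security_level == d.security_level:
        # Not reachable with this config; equal levels need a separate command.
        return False, "same level: needs same-security-traffic permit"
    if acl_permits:
        return True, "lower to higher: permitted by access-list"
    return False, "lower to higher: implicit deny"

def policy_matrix(acl_permits: bool = False):
    """Verdict for every ordered interface pair, keyed by (src, dst)."""
    return {(s, d): can_initiate(s, d, acl_permits)
            for s in INTERFACES for d in INTERFACES if s != d}

if __name__ == "__main__":
    for (s, d), (ok, why) in policy_matrix().items():
        print(f"{s:>8} -> {d:<8} {'allow' if ok else 'deny':5}  {why}")
```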