
ASA5512 multiple public IP ranges

richard.quick1
Level 1
Hi, 
I hope someone can help me. I have an ASA5512-X which is configured with a single 'outside' interface connected to my provider's network. With this link we have a /26 IP address range, of which a single IP is allocated to the 'outside' interface and the rest of the IPs are NAT'd to devices on the 'inside' interfaces. This is working as expected and connectivity is good.
I now have a second public IP range (/28) on the same link which I would like to use to allocate public addresses to devices on inside networks as with the first range of IP addresses. I have tried configuring a second 'outside' interface with the new range but connectivity doesn't seem to work.
How do I ensure the second range is 'seen' as the first range and NAT'd traffic passed to 'inside' devices using a public IP from the second range? I do all my configuration via the ASDM and can not figure a way out to add this secondary range to the 'outside' interface. In addition we will soon have a third IP range which will also need to be seen by the 'outside' interface.
Thanks in advance

Pawan Raut
Level 4

You need not configure a second 'outside' interface. The firewall should have one outside interface with one subnet and do the NAT for the second, third and so on without configuring an IP subnet on the interface. Just make sure that the outside world knows that the second, third and so on ranges are on your firewall; I mean routing.

Hi, thank you for your quick response. How do I set up NAT for the second/third ranges using ASDM?

Thanks in advance

How did you set up NAT for the first range? I am guessing that perhaps you created objects for the addresses in the range and then configured NAT with the object of the inside address and of the public address. Or perhaps you just configured NAT for the object of the inside address to the public address. You would do essentially the same for the second or third range.

HTH

Rick


Hi, 

The 'outside' interface was allocated an IP in the public range 1.1.1.40, all other addresses were allocated to internal devices using ASDM and creating a public facing server. This created a public to internal NAT rule.

I am not sure how to add 3.3.3.x and 6.6.6.x to the outside interface, allowing me to allocate additional public addresses to internal servers.

Thanks in advance

The thing is that you do not need to add those addresses to any interface. All you need to do is to create the NAT rules.

HTH

Rick


Thank you, how would I create the rules in the ASDM manager? Is it literally in the NAT section and select the I/F and IP ranges?

Thanks

Yes it is literally in the NAT section (with appropriate entries in the object section).

HTH

Rick


Thanks, which option do I choose (image attached).

Thanks once again.

I believe that you want the middle option, which adds an object NAT rule.

HTH

Rick


I will give it a try. Thanks

Hi, 

Any ideas what the Translated Address should be set to? I don't have any targets for the secondary IP range yet and they won't all be on the same network segment anyway.

Thanks

The translated address would be taken from the set of addresses that the ISP gives you. If you do not have these addresses yet then it is too early to be configuring this address translation.

I am not sure that it makes any difference whether the translated addresses are in the same subnet or not.

HTH

Rick


Paul
Level 1

Is the new IP block from the same ISP? If it is, are they routing this new /28 to your current interface?
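
The approach described in the replies above, written out as the CLI equivalent of an ASDM object NAT rule. This is an added example, not part of the original thread: it assumes ASA 8.3 or later syntax, and the addresses (203.0.113.0/28 standing in for the second public range, 192.168.10.20 for an inside server), the object name and the ACL name are constructed placeholders.

```cisco
! Added example; all addresses and names below are constructed placeholders.
! 203.0.113.0/28 = stand-in for the second public range from the ISP
! 192.168.10.20  = stand-in for a server behind the 'inside' interface
!
! No interface is given an address from the second range. The 'outside'
! interface keeps its single address from the original /26.
!
! Object NAT: the object holds the real (inside) address, and the nat
! line under it maps that host to one address from the second range.
object network SRV-WEB2
 host 192.168.10.20
 nat (inside,outside) static 203.0.113.5
!
! A static NAT rule alone does not admit inbound traffic. Permit only the
! service that must be reachable. On 8.3+ the ACL matches the real
! address, so the rule references the object rather than 203.0.113.5.
! If an ACL is already applied inbound on 'outside', add the permit line
! to that ACL instead of applying a new one.
access-list outside_access_in extended permit tcp any object SRV-WEB2 eq https
access-group outside_access_in in interface outside
!
! Checks after applying:
! confirm the rule exists and see its hit counters
show nat detail
! confirm the translation is installed
show xlate
! simulate an inbound connection from a constructed outside client and
! confirm the UN-NAT and ACCESS-LIST phases both report ALLOW
packet-tracer input outside tcp 198.51.100.10 12345 203.0.113.5 443
```

If the checks pass but the server is still unreachable from outside, the question raised in the thread applies: whether the provider is routing the additional range to the ASA's existing outside address.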
