06-18-2015 04:27 AM - edited 03-05-2019 01:41 AM
Hi,
I have a Cisco firewall 5512 which is configured as follows:
One interface goes to the ISP router, and internally it is connected to the switch for the internal network.
Interface configuration:
Gigabit Ethernet 0/0 - it is configured as an outside interface to access the public IP A.B.C.D
Gigabit Ethernet 0/1 - it is configured as an inside interface, 192.168.1.0
Both of these interfaces were working fine, and NAT was also done to access various features.
I would like to use another IP subnet (a separate IP, E.F.G.H, to get access to one of our internal servers as a dedicated public IP). Hence
I have enabled:
Gigabit Ethernet 0/2 is enabled and configured as outside interface 2 to access the public IP E.F.G.H (NAT from the router).
I want to use this IP to get access to the internal server 192.168.1.13, so that it resolves using the public IP E.F.G.H.
Can anyone help me configure the rule such that only one server IP can connect and send traffic via the E.F.G.H public IP and vice versa?
06-19-2015 05:53 AM
You don't need to use another interface on your firewall.
If the IP is from a different subnet then you simply need your ISP to route traffic for that IP subnet to the existing outside interface and then you simply configure a NAT statement on your firewall using that new IP.
Jon
06-20-2015 11:31 PM
Hi Jon,
Thanks for the response. How can I differentiate the new IP in a firewall as outside interface 192.168.100.20 (IP configured on the outside interface), as this only shows in the firewall while mapping?
In the firewall, many services were already configured with NAT statements for IP 192.168.100.20.
06-22-2015 12:50 AM
Hi, can anyone suggest a solution for me to configure the above scenario, please?
06-22-2015 07:25 AM
"How can I differentiate the new IP in a firewall as outside interface 192.168.100.20 (IP configured on the outside interface), as this only shows in the firewall while mapping?"
I don't understand what you mean by this.
You simply use your new IP and set up a NAT statement on the firewall; the IP does not need to be assigned to any interface.
If the IP is part of the same IP subnet as the outside interface IP it should just work; if it is part of a different IP subnet, the ISP will need to route traffic for that IP to the outside interface of your ASA.
Jon
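An added configuration sketch of the approach described in the reply above, which is not part of the original thread: a static NAT that maps only 192.168.1.13 to E.F.G.H on the existing outside interface, with inbound access limited to one service. It assumes ASA 8.3 or later syntax and interface names `inside` and `outside`; the object name `SRV-APP`, the ACL name `OUTSIDE_IN`, the port tcp/443 and the test source 198.51.100.10 are hypothetical values chosen for illustration.

```cisco
! Constructed example. E.F.G.H is the thread's placeholder for the new
! public IP; substitute the real address before entering these lines.
object network SRV-APP
 host 192.168.1.13
 ! Static NAT is bidirectional: traffic to E.F.G.H reaches the server,
 ! and the server's own outbound traffic leaves the firewall as E.F.G.H.
 ! No other inside host is translated to this address.
 nat (inside,outside) static E.F.G.H
!
! Permit only the service the server publishes (tcp/443 is assumed).
! On 8.3+ the ACL references the real (inside) address, hence the object.
! If an ACL is already bound to the outside interface for the existing
! 192.168.100.20 services, add this entry to that ACL instead.
access-list OUTSIDE_IN extended permit tcp any object SRV-APP eq 443
!
! Only when no ACL is bound to outside yet; an interface holds one
! inbound ACL, so this would replace an existing binding.
access-group OUTSIDE_IN in interface outside
!
! Verification (exec mode). Existing manual (twice) NAT rules are
! evaluated before object NAT, so confirm the new rule is the one hit.
show nat detail
show xlate local 192.168.1.13
packet-tracer input outside tcp 198.51.100.10 40000 E.F.G.H 443
```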
06-22-2015 05:01 AM
Dear All,
Can anyone suggest how I can utilize another IP subnet to NAT through the same interface or another interface, to pass through the firewall and be accessed for an internal application server?