how to configure all public ip add on Router and ASA?

rechard_hk · ‎08-17-2011

Dear All,

I would like to ask you some question about how to configure public ip on router 1841 and ASA 5510. let me show you my issue that:

i have router 1841 ( for F0/0 use pubic ip add 10.10.10.1 /30, and F0/1 use other rang public ip add 20.20.20.1 /24) and on ASA 5510 i use public ip add E0/0 20.20.20.2 /24 ) all this for public ip add and my lan ip is 192.168.0.1/24.

could you let me know how to configure on router 1841 and ASA 5510.

for router 1841 if you use private ip we can use nat but for all public ip add how can we do it?

Best Regards,

Rechard

cadet alain · ‎08-17-2011

Hi,

Could you post a topology diagram, please.

Regards.

Alain.

Don't forget to rate helpful posts.

rechard_hk · ‎08-17-2011

Dear Cadet alain,

Please kindly see in the attach file.

Note : for 10.10.10.1 have gateway: 10.10.10.2

for 20.20.20.1-2 have gateway 20.20.20.3

all ip as above is public ip address.

Best Regards,

Rechard

cadet alain · ‎08-17-2011

Hi,

so you want your 192.168.0.0 subnet to get natted to communicate beyond the cloud and you want to do it on both devices to 20.20.20.0 and then to 10.10.10.0? But the 10.0.0.0/8 is an RFC 1918 private address not a public and so it ain't routeable on the internet.You should put the 20.20.20.0 subnet on the interface facing the cloud on your router as I suppose it was given by your ISP and then use a private address subnet on your firewall facing router.

Then you can disable NAT on the firewall an only do it on the router for your 2 internal subnets.

Regards.

Alain.

Don't forget to rate helpful posts.

rechard_hk · ‎08-17-2011

Dear Alain,

thanks you for your help!

My boss he want to do like i ask you do you have any advice on this!

i know that if i assign private ip between router to ASA it fine but he want to do all interface use public ip add and E0/1 for lan ip address.

note: all public ip add it can access internet when i assign public ip add on my PC.

Do you advice if i use all public ip address? it so hard for me on this, last time u was configure private ip add between router and ASA but now they want me to configure all public ip add... i dont know how to tell them?

Best Regareds,

Rechard

cadet alain · ‎08-17-2011

Hi,

as long as you have available public IPs then you can use it everywhere if you want, that was what they were doing before IPv4 depletion and the invention of NAT and RFC1918.

Regards.

Alain.

Don't forget to rate helpful posts.

RAMACHANDRA R · ‎08-17-2011

Hi Rechard,

What i understood from the diagram , you have two ISP with public ip address and you want to assign that ip address on Router and ASA, then you have local lan which is behind your ASA .

Let us know your requirements

Rgds

Rama

rechard_hk · ‎08-17-2011

Dear Rama,

No, i have only one ISP and i request ISP company for 2 subnet ip public. and 2 subnet public ip add can access internet also. base on your experience have anybody do like this before( for assign public ip add on router and ASA)?

Best Regards,

Rechard

RAMACHANDRA R · ‎08-17-2011

Hi Rechard,

Most of the customer would take 2 subnet of public ip address( basically ISP will allocate to thier customer) one WAN public subnet ip ie /30 and second LAN public subnet IP /29 or /28 (some time it can go upto /27 or /26 too based on customer requirement) but ISP may charge minimal amount for LAN public subnet pool.

Practically speaking you can have 2 subnet configured on your router ie WAN and LAN.

You will have /30 IP address on WAN leg ( which is connected to ISP modem or switch) and /29 or /28 on LAN leg of the router ( in your case it will be connected to your FIrewall outside interface)

I have configured most of the network with /30 ip address on Routers/Firewalls and enabling PAT ( where in customer dont have any public facing servers)on that interface , if customer has web/email/ftp servers that time we can do port forwarding using /30 subnet or we can request isp to allocate /29 LAN pool for public servers.

Some customer would need redundancy and they will go for thier own BGP AS # and Public ip address from IANA and will have peering with 2 or more ISPs.

For your setup you can have 2 subnet and configure the same on Router and ASA

Please let us know if you require any configuration assistance for the same.

HTH

Rama

wissamnad · ‎11-14-2012

Hi,

So what are the benefits of assigning and spending 2 public IPs on the firewall outside interface and the router inside interface in such setup eventhough we can use static nat for public servers and use private IPs on the link connecting the ASA and the router? Please explain what are the advantages?

mis.network · ‎06-25-2018

Can i use this without using ASA, my LAN would got directly to L3 sw.

comp · ‎12-29-2016

I have the exact topology diagram and a little confused about the configuration..ISP has private ip scheme(10.130.80.233 & .234) on the router facing the cloud and i couldn't change that. .now i have configured private ip 192.168.4.9 & .10 in between the firewall and router and internet works perfectly. .now i have get public ip from ISP 197.156.54.4/30 just to configure for remote access. .how could i configure the public ip???

without configuring my public ip configuration i can ping one of my public ip address but not the other and that also confused me a little.

Ayele

comp · ‎12-29-2016

I have the exact topology diagram and a little confused about the configuration..ISP has private ip scheme(10.130.80.233 & .234) on the router facing the cloud and i couldn't change that. .now i have configured private ip 192.168.4.9 & .10 in between the firewall and router and internet works perfectly. .now i have get public ip from ISP 197.156.54.4/30 just to configure for remote access. .how could i configure the public ip???

without configuring my public ip configuration i can ping one of my public ip address but not the other and that also confused me a little.

Ayele