Solved: You can use the new IP block

Chapwe378 · ‎11-18-2016

Hi All,

I have an ASA 5515 Deployed on my production network and i need to use the public service feature for one of the new servers. My outside interface public IP pool is all used up so i requested for an extra public IP from the provider but i do not have any extra interfaces to put the new public IP on, is the new public IP reachable simply by adding it on the public service auto config and NAT into my inside host from the outside provided i ask the provider to route traffic to that IP through my outside gateway interface ?

Kind Regards

Chapwe

Karsten Iwen · ‎11-18-2016

You can use the new IP block in the intended way. There are two ways it can be implemented:

The provider routes the new IP block to the public IP of the ASA. Then nothing has to be done on your side. Just use the addresses in your NAT-statements.
The provider configures the new subnet as secondary network. To make that work you have to configure "arp permit-nonconnected" on your ASA. After that you can use the addresses in your NAT-stements.

View solution in original post

Karsten Iwen · ‎11-18-2016

You can use the new IP block in the intended way. There are two ways it can be implemented:

The provider routes the new IP block to the public IP of the ASA. Then nothing has to be done on your side. Just use the addresses in your NAT-statements.
The provider configures the new subnet as secondary network. To make that work you have to configure "arp permit-nonconnected" on your ASA. After that you can use the addresses in your NAT-stements.

Chapwe378 · ‎11-18-2016

Good Afternoon Karsten,

Thanks for the feedback let me go with option one and i will advise the results.

Kind Regard

Chapwe378 · ‎11-23-2016

Hi Karsten,

Option A worked wonders, thank you very much for the assist.

Kind Regards

Chapwe

Public Service Attribute on ASA