09-28-2015 09:10 AM - edited 03-05-2019 02:24 AM
We have two front end routers configured in HSRP. We receive two handoffs from our ISP, one active and one standby. One handoff connects to one router and the other handoff to the other router. We have a /29 IP block that is used for the handoff interfaces on the routers and configured for HSRP. The ISP assigned us a /26 IP block that they route to the HSRP virtual IP on our routers. Our routers have a default route to the default gateway of the /29 IP block. We have received a /24 IP block from this same ISP and they are routing that /24 IP block to the HSRP virtual IP on our routers just like the /26 IP block. So, I want to be able to use the new /24 IP block on my firewalls for NATting just like I use the /26. I would like to do this without assigning an IP from the /24 block to my firewall. I have tried a couple of things, including assigning an IP from the /24 block as a secondary IP on the routers, but can't get it to work. Is this possible or what is the best way to accomplish this setup? The router configs are attached below (actual IP addresses changed for posting). I have also attached a basic diagram of the setup. We are using ASR1001-X routers and ASA 5545-X firewalls.
Router 1
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router 1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
subscriber templating
!
multilink bundle-name authenticated
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
interface TenGigabitEthernet0/0/0
no ip address
shutdown
!
interface TenGigabitEthernet0/0/1
no ip address
shutdown
!
interface GigabitEthernet0/0/0
description Peer 1 Handoff
ip address 10.0.0.252 255.255.255.248
standby delay minimum 30 reload 60
standby version 2
standby 0 ip 10.0.0.254
standby 0 priority 110
standby 0 preempt delay minimum 380
negotiation auto
!
interface GigabitEthernet0/0/1
description PM-PUB-MGMT-1-SWITCH g0/1
ip address 200.0.0.4 255.255.255.0 secondary
ip address 11.0.0.74 255.255.255.192
standby delay minimum 30 reload 60
standby version 2
standby 1 ip 11.0.0.87
standby 1 priority 110
standby 1 preempt delay minimum 380
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
no negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/4
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/5
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.0.0.249
!
!
control-plane
!
Router 2
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router 2
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
!
subscriber templating
!
multilink bundle-name authenticated
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
interface TenGigabitEthernet0/0/0
no ip address
shutdown
!
interface TenGigabitEthernet0/0/1
no ip address
shutdown
!
interface GigabitEthernet0/0/0
description Peer 1 Handoff
ip address 10.0.0.253 255.255.255.248
standby delay minimum 30 reload 60
standby version 2
standby 0 ip 10.0.0.254
standby 0 priority 105
standby 0 preempt delay minimum 380
negotiation auto
!
interface GigabitEthernet0/0/1
description PM-PUB-MGMT-1-SWITCH g0/1
ip address 200.0.0.5 255.255.255.0 secondary
ip address 11.0.0.75 255.255.255.192
standby delay minimum 30 reload 60
standby version 2
standby 1 ip 11.0.0.87
standby 1 priority 105
standby 1 preempt delay minimum 380
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
no negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/4
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/5
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.0.0.249
!
!
control-plane
!
09-28-2015 01:38 PM
You do not need an interface on either the routers or the firewalls with an IP from the new IP subnet.
Just add a route to each router for the new IP subnet pointing to the active firewall IP address.
Then configure your NAT statements on the firewall.
Edit - the above is a common setup.
Is there a specific reason you want to use secondary IPs?
Jon
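The route-to-firewall setup Jon describes, written out against the addresses in the posted configs, as an added example (not from either poster): the /24 is taken off the router LAN interfaces and statically routed to the firewalls' active outside IP, and the ASA uses the /24 only in NAT. The firewall outside IP 11.0.0.70, the inside host 192.168.10.10, the inside subnet 192.168.10.0/24 and the public addresses 200.0.0.1 and 200.0.0.10 are assumed values, not from the thread.

```cisco
! --- Router 1 (Router 2 identical, except its secondary was 200.0.0.5) ---
! A secondary address makes 200.0.0.0/24 a connected route, so the router
! ARPs on the LAN for every /24 host instead of forwarding to the firewall.
! Remove it and route the block to the firewalls' active outside IP
! (11.0.0.70 is an assumed address inside the 11.0.0.64/26 LAN).
interface GigabitEthernet0/0/1
 no ip address 200.0.0.4 255.255.255.0 secondary
!
ip route 200.0.0.0 255.255.255.0 11.0.0.70
!
! --- ASA 5545-X (configure on the active unit; failover replicates it) ---
! No interface carries a 200.0.0.x address: the routers deliver the /24 to
! the outside interface and NAT owns the addresses. Replies leave via the
! HSRP virtual IP, exactly as the /26 traffic does today.
route outside 0.0.0.0 0.0.0.0 11.0.0.87 1
!
! Static NAT: one inside host published on one address from the new /24.
object network WEB-INSIDE
 host 192.168.10.10
object network WEB-PUBLIC
 host 200.0.0.10
object network WEB-INSIDE
 nat (inside,outside) static WEB-PUBLIC
!
! Dynamic PAT for outbound traffic, hiding behind a single /24 address.
object network INSIDE-NET
 subnet 192.168.10.0 255.255.255.0
 nat (inside,outside) dynamic 200.0.0.1
!
! Post-8.3 ACLs match the real (untranslated) address; permit only the
! published service rather than everything to the host.
access-list OUTSIDE-IN extended permit tcp any object WEB-INSIDE eq 443
access-group OUTSIDE-IN in interface outside
```

Verify with show ip route 200.0.0.0 on both routers (the /24 should appear as a static route via 11.0.0.70, not as directly connected) and with packet-tracer input outside tcp 203.0.113.5 12345 200.0.0.10 443 on the ASA, which walks the route lookup, untranslate and ACL phases for the published address.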