Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
439
Views
0
Helpful
4
Replies

Suggestion for router

Go to solution
ksuber0758
Level 1
Level 1

‎03-05-2011 11:06 AM - edited ‎03-04-2019 11:39 AM

I currently have an ASA 5510 unit. I have a dmz setup which house some web servers and an inside interface. The web servers contain multiple public ip addresses which I have natted and access is fine.

We currently have 253 usable public ip addresses and will be adding two more class C ranges each with another 253 ip addresses each. As I understand the ASA can only listen for one wan network. I was told I will need a router that handle listening for ip addresses on three different networks.

I need something rack mountable and fairly easy to setup as this is not a large enviroment. Could anyone suggest what router I may want to look at? Also will I need an Asa for each one of the subnets? Fairly new to cisco and I inherited this setup I believe knowing the plans to add new ip ranges we should have had a router to begin with. Any help is greatly appreciated.

Thanks,

Kevin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
manish arora
Level 6
Level 6

‎03-05-2011 12:45 PM

Kevin,

If you have x.x.1.2 as your Asa outside ip connecting to ISP then just have the same ISP point the two new subnets to that outside ip address. I use 20 class c right now on my Asa 5550 in the same fashion. Ones the ISP has routed subnets to your external ISP facing ip , you can use them in your nat statements.

Manish

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
4 Replies 4

Go to solution
manish arora
Level 6
Level 6

‎03-05-2011 11:36 AM

Hi kevin,

I don't know if I understood you right or not but if you have multiple subnet and your ISP can point these subnets to the outside ip address of the firewall then you can you those ranges in your nat statement. For example if your firewall outside ip is a.b.c.d and your ISP points 2 class c subnets 2.2.2.0/24 and 3.3.3.0/24 to the firewall ip then you can use both of these subnets in your nat statements .

Manish

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
ksuber0758
Level 1
Level 1
In response to manish arora

‎03-05-2011 11:56 AM

Ok Thanks and yes to explain better I have

x.x.1.x now as a subnet and will be adding two other subnets

x.x.2.x

x.x.3.x

On my Asa I have it listening for any ip from the x.x.1.x range, if I understand you correctly as long as my isp points the new subnets to my gateway now I will be able to add them into the Asa and nat them to internal addresses without issue. If it helps it just adding more ip adresses to our pool but the provider is the same for all....not two different isp.

This would be great as I can then just add them as public servers in Asa and I wont have to cofig a router in addition to the firewall.

Thanks

Kevin

0 Helpful

Go to solution
manish arora
Level 6
Level 6

‎03-05-2011 12:45 PM

Kevin,

If you have x.x.1.2 as your Asa outside ip connecting to ISP then just have the same ISP point the two new subnets to that outside ip address. I use 20 class c right now on my Asa 5550 in the same fashion. Ones the ISP has routed subnets to your external ISP facing ip , you can use them in your nat statements.

Manish

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
ksuber0758
Level 1
Level 1
In response to manish arora

‎03-05-2011 04:29 PM

Manish,

Thanks for your help and I fully understand now. I will have the isp do what you suggested so I can use the equipment I allready have in play.

Thanks again,

Kevin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card