Beginner

Suggestion for router

I currently have an ASA 5510 unit. I have a DMZ setup which houses some web servers and an inside interface. The web servers contain multiple public IP addresses which I have NATted, and access is fine.

We currently have 253 usable public IP addresses and will be adding two more class C ranges, each with another 253 IP addresses. As I understand it, the ASA can only listen for one WAN network. I was told I will need a router that can handle listening for IP addresses on three different networks.

I need something rack mountable and fairly easy to set up, as this is not a large environment. Could anyone suggest what router I may want to look at? Also, will I need an ASA for each one of the subnets? I am fairly new to Cisco and I inherited this setup; I believe that, knowing the plans to add new IP ranges, we should have had a router to begin with. Any help is greatly appreciated.

Thanks,

Kevin

1 ACCEPTED SOLUTION

Frequent Contributor

Re: Suggestion for router

Kevin,

If you have x.x.1.2 as your ASA outside IP connecting to the ISP, then just have the same ISP point the two new subnets to that outside IP address. I use 20 class C's right now on my ASA 5550 in the same fashion. Once the ISP has routed the subnets to your external ISP-facing IP, you can use them in your NAT statements.

Manish

Sent from Cisco Technical Support iPhone App
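What "use them in your NAT statements" can look like on the ASA, as an added example that is not from the thread participants. It assumes ASA software 8.3 or later (object NAT syntax), interfaces named `outside` and `dmz`, and constructed addresses: 198.51.100.0/24 and 203.0.113.0/24 stand in for the two new routed subnets, 10.10.10.0/24 for the DMZ, and `OUTSIDE_IN` for the access list already bound to the outside interface.

```cisco
! Added example. All names and addresses below are constructed placeholders.
! Prerequisite (ISP side, not configured on the ASA): the ISP routes
! 198.51.100.0/24 and 203.0.113.0/24 to the ASA's existing outside IP.
! Because the subnets are routed to the firewall, the ASA needs no extra
! outside interface or address in those ranges.

! Web server 1: real DMZ address mapped to an address in the first new subnet
object network WEB1
 host 10.10.10.10
 nat (dmz,outside) static 198.51.100.10

! Web server 2: mapped to an address in the second new subnet
object network WEB2
 host 10.10.10.20
 nat (dmz,outside) static 203.0.113.20

! A static NAT entry alone does not open the server to the Internet.
! Permit only the services each server publishes. On 8.3 and later the
! ACL references the real (DMZ) address, not the mapped public address.
! Append these lines to the ACL already applied inbound on outside.
access-list OUTSIDE_IN extended permit tcp any object WEB1 eq 443
access-list OUTSIDE_IN extended permit tcp any object WEB2 eq 443

! Verify from the ASA CLI:
!   show nat
!   show xlate
!   packet-tracer input outside tcp 192.0.2.50 12345 198.51.100.10 443
```

Only addresses that appear in a NAT rule and are permitted by the outside ACL become reachable; the rest of each routed /24 is dropped at the firewall until it is explicitly mapped.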


4 REPLIES 4
Frequent Contributor

Re: Suggestion for router

Hi Kevin,

I don't know if I understood you right or not, but if you have multiple subnets and your ISP can point these subnets to the outside IP address of the firewall, then you can use those ranges in your NAT statements. For example, if your firewall outside IP is a.b.c.d and your ISP points 2 class C subnets, 2.2.2.0/24 and 3.3.3.0/24, to the firewall IP, then you can use both of these subnets in your NAT statements.

Manish

Sent from Cisco Technical Support iPhone App

Beginner

Re: Suggestion for router

OK, thanks, and yes, to explain better, I have

x.x.1.x now as a subnet and will be adding two other subnets

x.x.2.x

x.x.3.x

On my ASA I have it listening for any IP from the x.x.1.x range. If I understand you correctly, as long as my ISP points the new subnets to my gateway, I will be able to add them into the ASA and NAT them to internal addresses without issue. If it helps, it is just adding more IP addresses to our pool, but the provider is the same for all... not two different ISPs.

This would be great, as I can then just add them as public servers in the ASA and I won't have to config a router in addition to the firewall.

Thanks

Kevin

Beginner

Re: Suggestion for router

Manish,

Thanks for your help, and I fully understand now. I will have the ISP do what you suggested so I can use the equipment I already have in play.

Thanks again,

Kevin