External IP for DMZ host

kumcore79 · ‎06-09-2015

Hello,

I am working with a Cisco ASA 5505 device and 9.2(3) firmware.

Currently I have /29 (5 useable) public IP addresses assigned by the ISP. The "outside" interface or WAN is configured with 1.2.3.4 public IP. The "inside" interface or LAN is configured to work with 10.80.80.x network and the "dmz" is configured as 192.168.1.x network. Everything works as expected... and when I go to whatismyipaddress.com from a computer that's behind the "inside" and "dmz" network they both show as 1.2.3.4 as the external IP for the connection which is expected.

Now, how can I change so that one particular host behind "dmz" (eg: 192.168.1.5) should report 5.6.7.8 as the external IP for all outbound traffic *not* 1.2.3.4... In other words, I want a dedicated external IP mapped just for that one host that's behind the "dmz" . Is it possible? If so, how? Please advise.

Reza Sharifi · ‎06-09-2015

Hi,

It is possible, but you have to go back to your service provider to get the new ip segment (5.6.7.8). Once you have the IP you can configure the DMZ interface with an IP in 5.6.7.8 segment and NAT it to 192.168.1.5.

HTH

kumcore79 · ‎06-09-2015

Hi,

Thanks for the reply. Sorry if I didn't explain it right... In my example the IP 5.6.7.8 is also part of the original /29 assignment. Basically, I have 5 usable IP addresses.. out of those 5 IPs ,1 is already assigned to the "outside" interface (ex: 1.2.3.4), and out of the remaining 4 IP addresses I want to assign the next available IP (5.6.7.8) to map it to the host computer which is setting behind the "dmz" network (as I already explained).

What is the command (or the steps through ASDM) that I need in order to do the above?

Many Thanks!