Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1538
Views
0
Helpful
3
Replies

ASA out interface ip mask /32

fortis123
Level 1
Level 1

‎03-03-2008 06:07 PM

Hi All,

Working on configuring ASA , where the ISP assigned outside IP:20.20.20.67/32 and gateway: 20.20.20.69.

This ASA will act as regular NAT device and L2L tunnel to another location.

My question is /32 on outside is good enough tfor doing this config.

Please review and suggest.

Thank you

MS

Labels:
0 Helpful
3 Replies 3

fortis123
Level 1
Level 1

‎03-04-2008 06:57 AM

I just tried myself.. it is not accepted on ASA5510 interface. Saying 'bad Mask'.

Thank you

MS

0 Helpful

michelcaissie
Level 1
Level 1
In response to fortis123

‎03-04-2008 11:15 AM

I suggest you double check with your ISP.

The info you have doesn't make sense.

A 32 bits subnet is a one address subnet , meaning a single host. But your outside interface needs to be in the same subnet than your default gateway. The smallest subnet possible here would be a /30 subnet, wich give 4 addresses (2 usable) .

But .67 and .69 are not part of the same /30 subnet. And .67 would be a broadcast address in a /30 ( 64-65-66-67).

So .67 and .69 can only be part of at least a /29 subnet ( 64-65-66-67-68-69-70)

But you have to verify thisa with your ISP because both devices needs to be configure with the same subnet.

0 Helpful

pbuch
Level 1
Level 1
In response to michelcaissie

‎06-24-2018 10:03 PM

/32 mask does not make any sense.

I agree that the mask ideally should be the same in both ends, but they don't need to. The ASA does not use the broadcast address.

0 Helpful
Customers Also Viewed These Support Documents