ASA out interface ip mask /32

fortis123 · ‎03-03-2008

Hi All,

Working on configuring ASA , where the ISP assigned outside IP:20.20.20.67/32 and gateway: 20.20.20.69.

This ASA will act as regular NAT device and L2L tunnel to another location.

My question is /32 on outside is good enough tfor doing this config.

Please review and suggest.

Thank you

MS

fortis123 · ‎03-04-2008

I just tried myself.. it is not accepted on ASA5510 interface. Saying 'bad Mask'.

Thank you

MS

michelcaissie · ‎03-04-2008

I suggest you double check with your ISP.

The info you have doesn't make sense.

A 32 bits subnet is a one address subnet , meaning a single host. But your outside interface needs to be in the same subnet than your default gateway. The smallest subnet possible here would be a /30 subnet, wich give 4 addresses (2 usable) .

But .67 and .69 are not part of the same /30 subnet. And .67 would be a broadcast address in a /30 ( 64-65-66-67).

So .67 and .69 can only be part of at least a /29 subnet ( 64-65-66-67-68-69-70)

But you have to verify thisa with your ISP because both devices needs to be configure with the same subnet.

pbuch · ‎06-24-2018

/32 mask does not make any sense.

I agree that the mask ideally should be the same in both ends, but they don't need to. The ASA does not use the broadcast address.