cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
486
Views
0
Helpful
3
Replies

How to get to the internet

laurabolda
Level 1
Level 1

I have an ASA, running 8.2(2).  The only way to get out of the internet is by the outside interface of the ASA which has the public IP address.   The inside interface has a private IP address of 192.168.100.100.  I am using static NAT so that this computer behind the ASA can get on the internet.

static (Inside,Outside) 66.124.10.25 192.168.100.25 netmask 255.255.255.255

I am able to get on the internet.  However, I have another requirement.  I want to assign the public IP address 66.124.10.25 instead of the private IP address to this computer and still be able to get outside.  I do not want to use the static NAT statement above.  How do I accomplish this task?  Please let me know if you need additional information.

Thanks.

3 Replies 3

uwkleinh
Cisco Employee
Cisco Employee

If you like to give your PC a public IP, how is your ISP gonna route to you?

You have to tell them to point a static to your ASA and you need to have your ISP assign you a new subnet.

Remember that the inside and outside interfaces need to belong to different L3 networks.

Perhaps you can look into a transparent firewall, that way both inside and outside IP addresses are the on the same L3 network and inspection is appening on L2.

But remember there are some limitations with that, such as you can't terminate any VPN on a TFW.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/fwmode.html#wpmkr1212466

Uwe

Uwe,

Thanks for your prompt response and information.  I am not using ports 2 and 3 of the ASA.   Do you think it is possible to configure port 2 or 3 so that this computer would have the public IP address instead of the private IP address?    I still want this computer to be able to communicate with other computers inside the network?

Thanks.

Hi,

All port in your ASA is router port. So 2 ports cant be assigned same IP segment. How many Public IPs  given by your ISP to u? If you have /28 IP segment then you can go for subneting and assign Public IP direct to you PC.

Regards, Nagis