ASA 5510 - Multiple outside ip addresses on one ethernet port?

Unanswered Question
May 9th, 2007

I have a Windows Server 2003 box running 2 SSL websites. Currently I am only using the Windows Firewall and have put both of the external IP addresses on one NIC.

What I want to do is the same thing just on the ASA 5510.

Is there any way to map more than one outside IP address to one Ethernet interface (Ethernet0/0) and have that traffic routed to my NIC as 2 different internal IPs?

Ex: -> ->

Then in IIS I would select the internal IP addresses for each site, and hopefully the SSL certificates would still work?



hoogen_82 Wed, 05/09/2007 - 21:40

Hmm... two static NATs should solve your problem.

static(inside,outside) netmask

static(inside,outside) netmask



lonnycisco Wed, 05/09/2007 - 22:10

Expanding on the first question, how would you tell the router:

I only want to allow access to IP address from these WAN IP addresses

xx.xx.xx.xx and zz.zz.zz.zz ...


I only want to allow access to IP address from these WAN IP addresses

yy.yy.yy.yy and aa.aa.aa.aa ...

I will be taking the server down on Friday so I can test the code then.

Thanks again.

hoogen_82 Thu, 05/10/2007 - 05:42

Along with your NAT statements you would be specifying the access-list which would look like:

access-list outside extended permit ip xx.xx.xx.xx host

access-list outside extended permit ip zz.zz.zz.zz host


access-list outside extended permit ip yy.yy.yy.yy host

access-list outside extended permit ip aa.aa.aa.aa host
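
The two static translations and the source-restricted access list discussed in the replies above, written out in full as an added example (not part of any poster's reply). It assumes the pre-8.3 ASA NAT syntax used in this thread; every address and the ACL name `outside_in` are constructed placeholders from documentation ranges.

```cisco
! Added example, pre-8.3 ASA syntax. All values below are constructed placeholders:
!   Public IPs on outside:   203.0.113.11, 203.0.113.12
!   Server internal IPs:     192.168.1.11, 192.168.1.12
!   Allowed WAN sources:     198.51.100.21, 198.51.100.22  (site 1)
!                            198.51.100.31, 198.51.100.32  (site 2)

! One-to-one static translations: mapped (public) address first, real address second.
static (inside,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255
static (inside,outside) 203.0.113.12 192.168.1.12 netmask 255.255.255.255

! Before 8.3 the outside ACL matches the mapped (public) destination address.
! A single source needs the "host" keyword (or an explicit mask).
! Permitting only tcp/https instead of "ip" exposes just the SSL sites.
access-list outside_in extended permit tcp host 198.51.100.21 host 203.0.113.11 eq https
access-list outside_in extended permit tcp host 198.51.100.22 host 203.0.113.11 eq https
access-list outside_in extended permit tcp host 198.51.100.31 host 203.0.113.12 eq https
access-list outside_in extended permit tcp host 198.51.100.32 host 203.0.113.12 eq https
! Everything else is dropped by the implicit deny at the end of the ACL.

! The ACL has no effect until it is bound to the interface.
access-group outside_in in interface outside

! Verification from the ASA CLI:
!   show xlate
!   show access-list outside_in
!   packet-tracer input outside tcp 198.51.100.21 1025 203.0.113.11 443
```

On ASA 8.3 and later the `static` command is replaced by object NAT, and interface ACLs match the real (internal) address rather than the mapped one.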



laurent.geyer Thu, 05/10/2007 - 06:53

As an alternative to the already suggested public-to-private static translations, you can also do the following.

static (inside,outside) netmask

static (inside,outside) netmask

route inside

route inside

Rather than adding a second IP address for the server, you add the two public IPs.

This seems like a more complicated setup at first, but it has the benefit of making it a lot clearer what public IP addresses are currently associated with a given webserver.

