Adding a second public subnet to an ASA 5510

Answered Question
Jun 7th, 2007

I have a customer who needs more address space, and instead of readdressing everything on the ASA, is it possible to use the fourth Ethernet port as a second public interface to the Internet? Both interfaces will terminate onto a 2610 through a switch with the second subnet as secondary on the e0/0 port. Name it outside2 with security 0, and have the static NAT statements for the internal servers in that subnet?

Correct Answer
acomiskey Thu, 06/07/2007 - 07:50

It's not necessary to use another interface; just make sure the ISP routes the new subnet to your ASA, write the statics and you'll be good to go.

tahequivoice Thu, 06/07/2007 - 07:54

heheh I'm the ISP! :) So if I just add static translations in the new range, and have the gateway address on the router as secondary, I should be able to route through to them?

acomiskey Thu, 06/07/2007 - 08:06

Well it should be a piece of cake then, haha. Yes, that should be fine.

tahequivoice Thu, 06/07/2007 - 08:33

OK, I am going to lab test it now with another 5510 I have just finished with for another customer. I'll get back to ya.

tahequivoice Thu, 06/07/2007 - 10:00

Well, I can see the ARP entry, but I am not able to ping the machine. I have an ACL that allows all traffic through to the box.

050878james Thu, 06/07/2007 - 08:48

Hello tahequivoice, if you're an ISP ;) can I ask you to take a look at the post in the link below? Maybe you can give me an answer?

I am having big problems finding a solution to my question. Since this is the forum category for FIREWALLING, I will not post the question here, but just the link:

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddeb9aa

It will not take a long time for you to read through the messages, OK?

And if one of you other boys who replied to tahequivoice knows the solution, please help!! Help this poor soul, I was looking for this solution for a long time, without success.

Thank you!!

Best regards

James

tahequivoice Thu, 06/07/2007 - 09:59

I replied to your question, hopefully it is what you are seeking.

tahequivoice Thu, 06/07/2007 - 11:12

Confirmed. The reason it didn't work the first time was I fat-fingered the inside IP. In the second test I found it needs to be directly connected to the router so it picks up the ARP entry. I had it running through a VLAN in the first.
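
The setup the thread converges on, written out as an added configuration sketch that is not part of any poster's message: the second public subnet reaches the existing outside interface either as a secondary address on the router (the variant tested above) or as a routed subnet (the variant in the accepted answer), and the ASA only needs static translations plus an inbound ACL. All addresses, the ACL name and the permitted port are constructed placeholders (RFC 5737 / RFC 1918 ranges), and the syntax assumes the pre-8.3 `static` NAT style current in 2007.

```cisco
! ---- 2610 router, interface facing the ASA (constructed addresses) ----
interface Ethernet0/0
 ip address 192.0.2.1 255.255.255.0
 ! Variant A (tested in the thread): new subnet as a secondary address.
 ! The router ARPs for each mapped address, so the ASA outside interface
 ! must sit on the same layer-2 segment as this port.
 ip address 198.51.100.1 255.255.255.0 secondary
!
! Variant B (accepted answer): omit the secondary address and route the
! new subnet to the ASA's existing outside address instead.
! ip route 198.51.100.0 255.255.255.0 192.0.2.2

! ---- ASA 5510, no extra "outside2" interface required ----
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
! One-to-one static: mapped address from the NEW subnet, real inside host.
! A mistyped real (inside) address here shows the symptom from the thread:
! ARP entry visible on the router, no reply to ping.
static (inside,outside) 198.51.100.10 10.0.0.10 netmask 255.255.255.255
!
! Inbound ACL references the mapped address (pre-8.3 behaviour).
! Assumption: only HTTPS is published; permit what the server actually offers.
access-list outside_in extended permit tcp any host 198.51.100.10 eq 443
access-group outside_in in interface outside
!
! Verification on the ASA after applying:
!   show xlate
!   show access-list outside_in
```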
