secondary ip on ASA

Unanswered Question
Aug 13th, 2007
User Badges:

Hi,


I'm looking at a phased migration from PIX to ASA and our ISP is currently routing a seperate public subnet through the PIX into our network. As the IP of the PIX pair is used in their routing tables, and the ASA's are being commisioned of different public IP's (it's too complex to just keep the same IP's for other reasons), I'd ideally like to be able to take the IP being used as the routing HOP and keep it on the ASA's as a secondary IP or such like, without having to liaise with the ISP to do a timed routing change, which is never fun. This would also give a nice bit of abstraction from hardware IP's and functional IP's. if this was an IP being used for a NAT or such then obviously that move would be simple, but as this is a routing hop, the NAT wouldn't make sense (would it?)


If this were IOS, i'd personally be looking at an HSRP IP, but on ASA I don't think this is possible, but hopefully someone might be able to prove me wrong.


Thanks


Chris

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acid_kewpie Tue, 08/21/2007 - 02:42
User Badges:

erm, thanks. BUT that appears to have nothing to do with the question i asked at all...

anandramapathy Wed, 08/22/2007 - 00:57
User Badges:
  • Bronze, 100 points or more

Do you have public servers exposed to the Internet in your PIX & a DMZ ?


Are you using this only for NAT ?



if it is case 2, it is pretty simple,



ON your LAN gateway, put a policy route for a test subnet pointing towards the ASA & test all functionalities.


The default route will be via the PIX.


When everything is ok, just change the default route to the ASA & remove the Route map




acid_kewpie Wed, 08/22/2007 - 01:02
User Badges:

thanks,


as above, we do not control the gateway device which is routing to the PIX and ASA internet presentations, this is our service provider. these addresses are not NAT addresses on the devices, but are routed through the devices into our LAN.

anandramapathy Wed, 08/22/2007 - 01:10
User Badges:
  • Bronze, 100 points or more

could you pls explain again as what is your requirement ?




Actions

This Discussion