
Multiple IP addresses on ASA 5510?

bdw
Level 1

I'm new to the world of Cisco (ASA 5510).

I have a rack at a data center that has multiple IP addresses - 254.16.220.1 thru 254.16.220.62 (obviously not the actual addresses).

I need to integrate it slowly into my rack, pulling one server behind it at a time.

How do I configure a single Ethernet port to respond to multiple IP addresses?

For example - today I would like the external interface to answer to 254.16.220.10 and tomorrow I'd like to add in 254.16.220.15, then the next day 254.16.220.55, and so on.

Suggestions?

THANKS!


husycisco
Level 7

Hi Brian

When you assign an IP address to an interface with a valid subnet mask, the interface becomes responsible for the IPs in that network. For example, if you assign 254.16.220.1 255.255.255.248 to your outside interface, traffic of IP range 254.16.220.1-254.16.220.6 is controlled by the outside interface. A connection attempt to any IP in this range is controlled by your outside interface.

If you intend to use the IPs you listed as interface IPs, this is not possible. You can create sub-interfaces and do VLAN tagging with a VLAN-compatible switch with a trunk port, but the assigned IPs must be in different networks.

If you tell us in detail what you are trying to do, we may produce some alternative suggestions.

Regards

That is what I was afraid of.

Here's my scenario:

I have my Ethernet coming into my rack that is presently hooked into my switch. So the traffic comes into my Dell PowerConnect 2724 switch, then goes directly to the boxes from there. All of my servers have external IP addresses currently. (I didn't design it - no firewall.)

What I'd love to do is be able to stage the deployment of the firewall so that I can bring the servers behind the firewall one at a time, and not have to reconfigure the entire rack at once.

I was hoping to have the Ethernet come in, plug into the switch, plug the firewall into the switch and tell it what IPs to route as I implement the solution.

Make any sense?

Hi Brian,

As far as what I think, the ASA also acts as a routing device, so it cannot be configured after an already routed network consisting of hosts with global IP addresses. If the firewall is to be deployed, it has to be made the gateway for the hosts behind it. Individual hosts can be added to its internal interface, but not on the network/switch through which the hosts are already connected to the Ethernet. I am in the same situation as you and I do not want to change the addresses of current hosts when I deploy the firewall in front of them, but I am still awaiting assistance from the senior techies for my issue as well.

Murtaza.

I think that you have two choices.

1. Use an ASA in Transparent mode. Then the servers could continue to use their current public addresses.

2. Use the ASA in Routed mode and use a different static NAT for each server. For instance, move 254.16.220.10 behind the ASA, assign it a private IP address, and create a static NAT entry that maps that private IP address to 254.16.220.10.

Wes
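
Wes's second option, staged one server at a time, as an added configuration sketch that is not part of the original thread. It assumes ASA software earlier than 8.3 (the `static` command syntax); the outside interface address, upstream gateway, inside network, private server addresses and the published port are all constructed placeholders.

```cisco
! Added example. All addresses other than the two public server IPs
! named in the thread are assumed values.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 254.16.220.2 255.255.255.192
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Assumed upstream gateway handed out by the data center
route outside 0.0.0.0 0.0.0.0 254.16.220.1
!
! Day 1: the server that owned 254.16.220.10 is re-addressed to
! 192.168.10.10 and moved to the inside segment.
static (inside,outside) 254.16.220.10 192.168.10.10 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 254.16.220.10 eq https
!
! Day 2: the next server follows the same pattern.
static (inside,outside) 254.16.220.15 192.168.10.15 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 254.16.220.15 eq https
!
! Only traffic explicitly permitted above reaches the migrated servers.
access-group outside_in in interface outside
```

With each `static` entry the ASA answers ARP on the outside segment for the mapped public address, so a server has to be taken off the public switch segment before its entry is added or the two will conflict. Servers that have not been moved yet keep their public addresses and stay unfiltered until their turn.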
