ASA out interface ip mask /32

Unanswered Question
Mar 3rd, 2008

Hi All,

Working on configuring ASA , where the ISP assigned outside IP:20.20.20.67/32 and gateway: 20.20.20.69.

This ASA will act as regular NAT device and L2L tunnel to another location.

My question is /32 on outside is good enough tfor doing this config.

Please review and suggest.

Thank you

MS

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
fortis123 Tue, 03/04/2008 - 06:57

I just tried myself.. it is not accepted on ASA5510 interface. Saying 'bad Mask'.

Thank you

MS

michelcaissie Tue, 03/04/2008 - 11:15

I suggest you double check with your ISP.

The info you have doesn't make sense.

A 32 bits subnet is a one address subnet , meaning a single host. But your outside interface needs to be in the same subnet than your default gateway. The smallest subnet possible here would be a /30 subnet, wich give 4 addresses (2 usable) .

But .67 and .69 are not part of the same /30 subnet. And .67 would be a broadcast address in a /30 ( 64-65-66-67).

So .67 and .69 can only be part of at least a /29 subnet ( 64-65-66-67-68-69-70)

But you have to verify thisa with your ISP because both devices needs to be configure with the same subnet.

Actions

This Discussion