Assigning a second external IP address to ASA 5505

Unanswered Question
Dec 19th, 2008
User Badges:

Hi,

I have a working asa 5505 installation that I would like to configure for one more external IP address. My problem is when I try to create a second outside interface, called outside2 for example, i get an error message say that the subnet is overlapping with the previously configured outside interface. This probably makes sense but how do I assign a second, or even a third, external IP address to my asa.


Our ISP gave us five public addresses so I figured I'd use at least a few of them.


Thanx

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
robbhanMid Fri, 12/19/2008 - 06:53
User Badges:

I solved it my self.


The best way to assign multiple IP addresses to one interface is to use static nat.


For example:

static (inside,outside) x.x.110.250 192.168.1.250 netmask 255.255.255.255


static (inside,outside) x.x.110.251 192.168.1.250 netmask 255.255.255.255

JORGE RODRIGUEZ Sat, 12/20/2008 - 15:07
User Badges:
  • Green, 3000 points or more

Hi Robert,

Just to correct perhaps minor typo, your current static entries that uses two different public IP addresses mapped to a single inside host of 192.1678.1.250 can only be possible through Policy NAT as it is not possible through static NAT to map two or more global addresses to a single inside host.

I think your static nat entry was meant to map a second public IP to a different host inside your LAN which is general practice when ISP hands out a block of public IP addresses for their clients to use.


Your static perhaps meant to be towards two inside hosts 192.168.1.250 & 251 or perhaps some other host other then 250.


static (inside,outside) x.x.110.250 192.168.1.250 netmask 255.255.255.255

static (inside,outside) x.x.110.251 192.168.1.251 netmask 255.255.255.255



Regards


Actions

This Discussion