Secondary IP on Outside Interface

Unanswered Question
Aug 20th, 2009
User Badges:

Hi


Is it possible to have seconday ip address on OUTSIDE Interface of ASA 5540 8.0(4) ? I am trying to get new ip scheme for our network and I have 1200 tunnels terminating to this box.I want to gradually move them to new IP address rather than replacing the IP of OUTSIDE Interface


Thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
CCDECCDE9 Wed, 09/02/2009 - 07:10
User Badges:

If I add an another interface to ASA and configure it with new ip ,can I terminate tunnels to this interface ?

srue Wed, 09/02/2009 - 08:21
User Badges:
  • Blue, 1500 points or more

is the new IP address in the same subnet as the existing outside interface?

srue Wed, 09/02/2009 - 09:00
User Badges:
  • Blue, 1500 points or more

then use an unused interface, or create a subinterface and apply the new IP.

CCDECCDE9 Wed, 09/02/2009 - 09:48
User Badges:

OK

Today I have route for outside going through existing IP.When I add new interface and ip do I need to add any extra routing ?

alig.norbert Thu, 09/03/2009 - 08:07
User Badges:

On the ASA, there is only ONE default gw possible.

You have to add a static route for each site-to-site vpn (public IP and branch-LAN) to use the new WAN-interface.

CCDECCDE9 Thu, 09/03/2009 - 13:21
User Badges:

Is the following route correct ? ALso do I have to name it "Outside" and same security level as the existing "outside" interface


"route add outside 172.17.2.0 255.255.255.0 19.x.x.x "


where 172.17.2.0 = LAN on the other side of tunnel and


19.x.x.x =public ip of my new interface

August Ritchie Thu, 09/03/2009 - 13:35
User Badges:
  • Bronze, 100 points or more

If Outside is your new interface, here is your route statement.


route Outside 172.17.2.0 255.255.255.0


You don't want to route to your public interface, you want to route to the new interface's default route. Check out this example below for a full configuration idea.


2 interfaces: E1, E2


E1 is for all traffic but VPN

E2 is for VPN only


Default gateway for E1 is 77.0.0.1

Default gateway for E2 is 88.0.0.1


VPN peer is 65.0.0.1 255.255.255.255

VPN lan addresses 10.0.0.0 255.0.0.0


route E1 0.0.0.0 0.0.0.0 77.0.0.1


route E2 65.0.0.1 255.255.255.255 88.0.0.1

route E2 10.0.0.0 255.0.0.0 88.0.0.1

Actions

This Discussion