Secondary IP Addresses on ASA

Unanswered Question
Dec 3rd, 2009

Hi All,

How can we add secondary IP Addresses to interfaces in ASA? What is the need for secondary addresses on an interface?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 12/03/2009 - 04:55

sidcracker wrote:

Hi All,

How can we add secondary IP Addresses to interfaces in ASA? What is the need for secondary addresses on an interface?

Thanks

You can't but then you don't really need to eg.

you have an outside interface with a public IP address. You now need some more public IPs and your ISP gives you a new /29 block of public IPs. Because they have been assigned to you the ISP will route those addresses to your ASA ie. the existing outside interface.

So to use them you do not need to physically address any other interface, you just use NAT statements eg you have al web server 192.16.5.10 that you want to present to the Internet with one of the new public IPs

static (dmz,outside) 195.17.17.10 192.168.5.10 netmask 255.255.255.255

then just add an ace in your outside acl

access-list outside_access_in permit tcp any host 195.17.17.10 192.168.5.10 eq www

Jon

Actions

This Discussion