Jon Marshall Thu, 12/03/2009 - 04:55
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

sidcracker wrote:


Hi All,


How can we add secondary IP Addresses to interfaces in ASA? What is the need for secondary addresses on an interface?


Thanks


You can't but then you don't really need to eg.


you have an outside interface with a public IP address. You now need some more public IPs and your ISP gives you a new /29 block of public IPs. Because they have been assigned to you the ISP will route those addresses to your ASA ie. the existing outside interface.


So to use them you do not need to physically address any other interface, you just use NAT statements eg you have al web server 192.16.5.10 that you want to present to the Internet with one of the new public IPs


static (dmz,outside) 195.17.17.10 192.168.5.10 netmask 255.255.255.255


then just add an ace in your outside acl


access-list outside_access_in permit tcp any host 195.17.17.10 192.168.5.10 eq www


Jon

Actions

This Discussion