Jon Marshall Thu, 12/03/2009 - 04:55
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

sidcracker wrote:

Hi All,

How can we add secondary IP Addresses to interfaces in ASA? What is the need for secondary addresses on an interface?


You can't but then you don't really need to eg.

you have an outside interface with a public IP address. You now need some more public IPs and your ISP gives you a new /29 block of public IPs. Because they have been assigned to you the ISP will route those addresses to your ASA ie. the existing outside interface.

So to use them you do not need to physically address any other interface, you just use NAT statements eg you have al web server that you want to present to the Internet with one of the new public IPs

static (dmz,outside) netmask

then just add an ace in your outside acl

access-list outside_access_in permit tcp any host eq www



This Discussion