We currently have a Microsoft ISA server separating our internal network from the outside. The outside NIC has a secondary IP assigned to it, so for example purposes, let's say the outside interface primary is 184.108.40.206 and the secondary is 220.127.116.11. The interface connects to a router that also has secondary IP addressing. Currently, traffic can come into either range and the ISA server is set up for one-to-one NAT for both of these IP ranges, and it NATs it to an address on the inside subnet, 172.16.1.0. We need to replace our ISA with a hardware firewall solution. How would an ASA handle how the ISA is currently set up? Can it do secondary IP on the external interface, and if so, can it also handle NATing for both?
If not, can anyone offer any other solutions that don't involve having to purchase additional network equipment aside from the firewall itself? If the firewall is not capable of doing this off a single external interface, my only workaround I could think of was to add a 2nd NIC to the external router, and move the secondary IP to that new NIC. Then we could purchase an ASA that could have 2 external interfaces, one in each subnet, and connect them to their respective interfaces on the router. Would this solution work, and can an ASA5505 perform this or would we need to look at a higher end model? We want to get by with an inexpensive solution; we don't have the need for a high end firewall, but if the low end has some sort of limitation for what we need to do, then we need to know which model will support our needs. Any insight would be appreciated.