
Assigning different outside IP Address on multiple VLAN

rmanapat
Level 1

Hi, I have 5 usable static IP addresses provided by my ISP.  I am using an ASA5505 with Security Plus firewall.  My question is, can I assign each usable IP address to a specific VLAN so that when they go out to access the Internet, it will show that the source public IP address is coming from that assigned IP and not just whatever the gateway that's assigned on my route statement?  Please look at the example provided below:

     OUTSIDE IP ADDRESS     VLAN     INSIDE IP ADDRESS
     208.155.152.1          1        192.168.1.0
     208.155.152.2          3        192.168.2.0
     208.155.152.3          4        192.168.3.0
     208.155.152.4          5        192.168.4.0

Any information as to what commands I should use would be greatly appreciated.  Thank you so much.

Russell

6 Replies

Russell,

The limitation here is that the ASA 5505 running Security Plus, or any other ASA in fact, will allow you to use only a single default gateway simultaneously.

You can have up to three default gateways with the same metric out the same interface (but the three next hops should belong to the same subnet).

You can have multiple backup default gateways via different interfaces (with different metrics).

What is it that you're trying to accomplish?

Federico.

Federico,

First of all, I would like to thank you for your quick response.  Basically what I'm trying to accomplish is to separate each VLAN and have them reflect a different outside IP address.  I'm doing this for compliancy purposes.  In the example that I provided earlier, I want everybody that's on VLAN1 to reflect 208.155.152.1 as the source outside IP address whenever they access the internet, VLAN3 would reflect 208.155.152.2 as the source IP address when they access the internet, and the same for the rest of the VLANs.

     Sorry if my explanation is confusing.  But if you need more information, please let me know.  Thanks again for the quick response.

Russell

Let's see:


You can do the following:

interface vlan 1
ip address 208.155.152.1

interface vlan 2
ip address 208.155.152.2

interface vlan 3
ip address 208.155.152.3

interface vlan 4
ip address 208.155.152.4

My question is... which subnet mask will you configure on each VLAN?
Because if you configure any other subnet mask besides 255.255.255.255 you will get an overlapping error.

And, if you configure a /32bit mask, nothing else can be connected on that interface.

If your goal is for different VLANs to be seen with different source addresses when they send traffic,
I would think that you can do NAT to accomplish this.

Federico.

I think I'm referring to different VLANs reflecting different source addresses when they send traffic.  What would be the recommended NAT or configuration I should put on my ASA?  Thanks again.

Russell

I'm assuming all the networks are /24s?  Here's an example:

nat (inside) 1 192.168.1.0 255.255.255.0

global (outside) 1 208.155.152.1

!

nat (inside) 2 192.168.2.0 255.255.255.0

global (outside) 2 208.155.152.2

!

...and so on for each IP and netblock.

Please check & back up any existing NAT & global configs before configuration.  If you're still unsure, post your config, sans sensitive information, for us to take a peek at.
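
An added example, not part of any post in this thread: a small Python check that reads `nat`/`global` lines in the subnet-and-mask form shown in the reply above and confirms each inside subnet maps to exactly one public IP that no other subnet shares. The sample config is constructed by extending the two pairs above to the other two subnets from the question; `audit_nat` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: the two pairs from the reply above, extended to the
# other two subnets in the question.
SAMPLE_CONFIG = """\
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 208.155.152.1
!
nat (inside) 2 192.168.2.0 255.255.255.0
global (outside) 2 208.155.152.2
!
nat (inside) 3 192.168.3.0 255.255.255.0
global (outside) 3 208.155.152.3
!
nat (inside) 4 192.168.4.0 255.255.255.0
global (outside) 4 208.155.152.4
"""

NAT_RE = re.compile(r"nat \(\S+\) (\d+) ([\d.]+) ([\d.]+)$")
GLOBAL_RE = re.compile(r"global \(\S+\) (\d+) (\S+)$")


def audit_nat(config):
    """Return ({subnet: public IP}, [findings]) for nat/global pairs."""
    nats, pools, problems = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            nats.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := GLOBAL_RE.match(line):
            pools.setdefault(m[1], []).append(m[2])
    mapping = {}
    for nat_id, nets in nats.items():
        pool = pools.get(nat_id, [])
        if len(pool) != 1:
            problems.append(f"nat id {nat_id}: expected 1 global, found {len(pool)}")
            continue
        for net in nets:
            mapping[net] = pool[0]
    # Requirement from the thread: every subnet leaves with its own public IP.
    nets = sorted(mapping)
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
            if mapping[a] == mapping[b]:
                problems.append(f"{a} and {b} share {mapping[a]}")
    return {str(n): ip for n, ip in mapping.items()}, problems
```

An empty findings list means the saved config matches the one-IP-per-subnet table from the question; any other `nat` form (for example access-list based) is ignored by this check.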

Terry,

Thank you for your response.  I will try that and will let you know if that works for me or not.  I will not be implementing it until tomorrow so let's see what happens.  Thank you again for your quick response.

Russell
