ASA 5505 & Multiple external IP

Unanswered Question
Jul 24th, 2010
User Badges:

Hi,

I have a business Broadband, which has 5 IP addresses spread over 3 class C's supernetted for it to work each IP needs to be registered to a unique MAC address.
Is there any way I can get my ASA 5505 to have all 5 ip's on one interface, listening with 5 separate MAC's


EG:
Range 80.0.0.0 - 80.0.2.254 /22


IP1 80.0.0.212 MAC 0000:0000:00A0
IP2 80.0.0.240 MAC 0000:0000:00A1

IP3 80.0.1.35   MAC 0000:0000:00A2
IP4 80.0.1.118 MAC 0000:0000:00A3
IP5 80.0.2.228 MAC 0000:0000:00A4


All on eth0 set as the external interface.



Thanks in advance


Frank

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
David White Sat, 07/24/2010 - 06:44
User Badges:
  • Cisco Employee,

Hi Frank,


Unfortunately, this is not possible.  All IPs that are owned by the ASA will have the same MAC.  The only exception to this is for the standby IP in a failover set.


A follow-up question though.  Why does each IP need to be associated with:

  - a different MAC

  - a specific MAC

?


Sincerely,


David.

frankbailey Sat, 07/24/2010 - 11:22
User Badges:

The way that my broadband works is that I get 5 IP addresses that are assigned to the cable modem, and you have to have a different MAC for each one. It would be better if they gave you a range of IP's, but they say that can't be done. So my 5 IP's are dotted about 3 subnets. I have to have a router for each one, which is a pain.
(ISP is a UK Cable Company)


Cheers


Frank

David White Sat, 07/24/2010 - 11:53
User Badges:
  • Cisco Employee,

Hi Frank,


Unfortunately, in that case there isn't anything the ASA can do for you to help you utilize all 5 IPs.


Sincerely,


David.

Nagaraja Thanthry Sat, 07/24/2010 - 12:08
User Badges:
  • Cisco Employee,

Hello,


If you really need to have 5 different MAC addresses, then you could

probably use a L3 switch module on a router (4 port or 9 port) and put each

port on a separate VLAN. That should allow you to register separate MAC for

each public IP and you will be able to use the firewall feature set on the

router.


http://www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_s...

0900aecd8016bf0b_ps5855_Products_Data_Sheet.html


Hope this helps.


Regards,


NT

frankbailey Sun, 07/25/2010 - 02:44
User Badges:

The 5 Vlan method was the first I thought of, but wasn't sure about. I will give it a whirl and report back.


Thanks


Frank

frankbailey Mon, 07/26/2010 - 00:10
User Badges:

Update:

5 Ports in 5 Vlans doesn't work.

1st interface goes in OK, but once you get to the 2nd it fires an error pointing out that they are infact on the same subnet.


Back to Square One. But thanks for the help.


Frank

Actions

This Discussion