Cisco Support Community

New Member

2 public subnets on an ASA 5510

I've seen some posts where the following scenario is working and most other posts that state that the following scenario cannot be accomplished on an ASA 5510.

We have an ISP that is pushing out two separate public IP ranges, and we are to implement an ASA 5510. The setup will be:

ISP --> Cisco 2800 --> ASA 5510 --> Internal network.

The Cisco 2800 has three interfaces:

e0 65.65.65.82/28

e1 99.99.99.81/28

e2 2.2.2.201/29

ip route 0.0.0.0 65.65.65.81

We want the ASA to be set up as follows:

e0 outside 4.4.4.82/28

e1 outside2 2.2.2.202/29

e3 inside 192.168.0.0/16

The caveats are that both public ranges must be active at the same time. The public addresses have web servers attached to them. We also cannot use multiple security contexts (virtual firewalls) on this ASA because we want it to negotiate remote user VPN connections.

The problem that I have run into is that traffic will not respond on one range while the default route (EIGRP or static) is set to one interface or another.

Can this be done? If so, how? I've looked at doing a default route on multiple tracks, and that didn't do the trick.

Thanks!

Accepted Solutions
Cisco Employee

Re: 2 public subnets on an ASA 5510

Right. This cannot be done. The only way I can think of is policy-based routing on the upstream router to use both ISPs (based on source IP address) and have the ASA translate them to two different blocks of IPs based on different interfaces.

ASA inside - 192.168.x.x

ASA dmz - 10.10.10.x (ASA will translate these to Z.Z.Z.Z)

ASA outside - y.y.y.y

If the router on the outside sees a packet with z.z.z.z, it will send it via interface-1, and if it sees packets with source IP y.y.y.y, it will send them out via interface-2.

Would this work for you?

New Member

Re: 2 public subnets on an ASA 5510

Yes. This would work for me. I am now looking for examples on how to set this up on my 2800.

Thank you!
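
The source-based policy routing described in the accepted answer, sketched as an IOS configuration for the upstream router. This is an added example, not part of the original thread; the interface name, the ACL and route-map names, and all addresses (RFC 5737 documentation ranges standing in for y.y.y.y, z.z.z.z and the two upstream next hops) are assumptions.

```cisco
! Constructed example. Replace every address and name with real values.
! 198.51.100.0/28 stands in for the y.y.y.y block (ASA outside addresses).
! 203.0.113.0/28  stands in for the z.z.z.z block (ASA translations of the dmz).
! 192.0.2.1 and 192.0.2.17 stand in for the next hops reached via
! interface-2 and interface-1 respectively.
!
ip access-list extended SRC-Y-BLOCK
 permit ip 198.51.100.0 0.0.0.15 any
!
ip access-list extended SRC-Z-BLOCK
 permit ip 203.0.113.0 0.0.0.15 any
!
! One route-map, one sequence per source block.
route-map ASA-SOURCE-PBR permit 10
 match ip address SRC-Z-BLOCK
 set ip next-hop 192.0.2.17
!
route-map ASA-SOURCE-PBR permit 20
 match ip address SRC-Y-BLOCK
 set ip next-hop 192.0.2.1
!
! Packets that match neither sequence are not policy routed and
! follow the normal routing table (the existing default route).
!
! Policy routing is applied inbound on the interface where the
! ASA's translated traffic arrives (interface name is an assumption).
interface FastEthernet0/1
 description Link to ASA outside
 ip policy route-map ASA-SOURCE-PBR
```

`show route-map ASA-SOURCE-PBR` reports per-sequence match counters and `show ip policy` lists the interfaces with a policy attached, which confirms each source block is taking its intended exit.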
