We have used a PIX, then a SonicWall and I am configuring an asa5525 to replace it. The outside address given by the phone company is a /31 mask(.254) is there any workaround short of asking them to reprovision it to get this to work on the asa? It's like finding hen's teeth to get them to do anything in a timely fashion. It's iritating that the .254 has worked on every other firewall but not on this which is so much newer. Thanks for the help!
I imagine you could always configure it with a /30 mask (or larger) and the ISP could still have the smaller subnet mask in use.
I doubt you have any need to contact those destination IP addresses (public) that are now according to your configured interface subnet mask part of your network although they are actually assigned to someone else by the ISP. So there should be no problems for you using a different mask compared to the one of the ISP.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...