5 IP address (external) how to route

carmonj · ‎12-21-2016

We have an ASA5512 x series Version 3 that we need to setup for multiple incoming IP addresses. Not sure where to start with this. We do need some specific steps to take so please be specific.

For example we have 1 external Ip address 174.98.0.1 (not our IP address) that we have routed to our email server. We have just registeed a sub domain and linked it to 174.98.0.2 that we want to use as a VPN connection. We have comcast business as our ISP so we do have 5 external IP address. We need to forward traffic from 174.98.0.2 to an internal terminal server call in 192.168.0.2.

I am unable to link GigabitEthernet 0/1 to 174.98.0.2 because it is on the same subnet at 174.98.0.1.

Any solutions come to mind for us? I have looked into setting up NAT pooling, but an unable to find the specific steps to accomplish that on an ASA 5512 X.

Please help.

Marvin Rhoads · ‎12-21-2016

You are confusing routing and NAT policies.

Your internal network 192.168.0.x connects to an inside ASA insterface in that same subnet.

Your external network 174.98.0.x connects to an outside ASA interface with a default route to your Comcast router's interface in that same subnet.

If you are allowing incoming VPN connections, they must terminate on the ASA's outside interface address.

If you want to allow incoming access to internal servers, each must have a static NAT or PAT entry mapping their internal address to one of the available external addresses. That may or may not be the interface address. You must also have a coresponding access list entry in and ACL that is applied to the outside interface to allow the traffic to enter from outside.