Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1371
Views
0
Helpful
6
Replies

ASA 5505 & Multiple external IP

frankbailey
Level 1
Level 1

‎07-24-2010 05:40 AM - edited ‎03-11-2019 11:15 AM

Hi,

I have a business Broadband, which has 5 IP addresses spread over 3 class C's supernetted for it to work each IP needs to be registered to a unique MAC address.
Is there any way I can get my ASA 5505 to have all 5 ip's on one interface, listening with 5 separate MAC's

EG:
Range 80.0.0.0 - 80.0.2.254 /22

IP1 80.0.0.212 MAC 0000:0000:00A0
IP2 80.0.0.240 MAC 0000:0000:00A1

IP3 80.0.1.35   MAC 0000:0000:00A2
IP4 80.0.1.118 MAC 0000:0000:00A3
IP5 80.0.2.228 MAC 0000:0000:00A4

All on eth0 set as the external interface.


Thanks in advance

Frank

Labels:
0 Helpful
6 Replies 6

David White
Cisco Employee
Cisco Employee

‎07-24-2010 06:44 AM

Hi Frank,

Unfortunately, this is not possible.  All IPs that are owned by the ASA will have the same MAC.  The only exception to this is for the standby IP in a failover set.

A follow-up question though.  Why does each IP need to be associated with:

  - a different MAC

  - a specific MAC

?

Sincerely,


David.

0 Helpful

frankbailey
Level 1
Level 1
In response to David White

‎07-24-2010 11:22 AM

The way that my broadband works is that I get 5 IP addresses that are assigned to the cable modem, and you have to have a different MAC for each one. It would be better if they gave you a range of IP's, but they say that can't be done. So my 5 IP's are dotted about 3 subnets. I have to have a router for each one, which is a pain.
(ISP is a UK Cable Company)

Cheers

Frank

0 Helpful

David White
Cisco Employee
Cisco Employee
In response to frankbailey

‎07-24-2010 11:53 AM

Hi Frank,

Unfortunately, in that case there isn't anything the ASA can do for you to help you utilize all 5 IPs.

Sincerely,

David.

0 Helpful

Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to frankbailey

‎07-24-2010 12:08 PM

Hello,

If you really need to have 5 different MAC addresses, then you could

probably use a L3 switch module on a router (4 port or 9 port) and put each

port on a separate VLAN. That should allow you to register separate MAC for

each public IP and you will be able to use the firewall feature set on the

router.

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_sheet

0900aecd8016bf0b_ps5855_Products_Data_Sheet.html

Hope this helps.

Regards,

NT

0 Helpful

frankbailey
Level 1
Level 1
In response to Nagaraja Thanthry

‎07-25-2010 02:44 AM

The 5 Vlan method was the first I thought of, but wasn't sure about. I will give it a whirl and report back.

Thanks

Frank

0 Helpful

frankbailey
Level 1
Level 1
In response to frankbailey

‎07-26-2010 12:10 AM

Update:

5 Ports in 5 Vlans doesn't work.

1st interface goes in OK, but once you get to the 2nd it fires an error pointing out that they are infact on the same subnet.

Back to Square One. But thanks for the help.

Frank

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card