11-18-2010 06:36 AM - edited 03-11-2019 12:11 PM
Hi,
I have an ASA5510 with a couple of servers behind it, using NAT. The configuration of Ethernet0/0 is:
(using fake IP's)
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 99.99.99.40 255.255.255.224
!
The IP-range I can use is 99.99.99.40-62 (on the inside LAN I use 172.16.99.40-62), and they're all in use. Now the provider assigned me another range: 88.88.88.10-32. Is it possible to get this working together with the existing config? I would like the ASA to use the IP's like 88.88.88.40-62 on the outside interface, and use 172.16.99.10-32 on the inside...
I am not sure how to do this, and since the ASA is production I would not like to just trial and error...
Thanks!
Solved! Go to Solution.
11-18-2010 06:46 AM
Hi,
If the ASA is going to continue to use the same range on the outside and the inside then don't change the config.... you just want to have internal servers using the new range 88.88.88.x?
If so.. create the static NATs for the new range and permit the traffic with the outside ACL.
The trick to make this work is that the outside device (ISP) should have a route to 88.88.88.x pointing to the outside IP of the ASA 99.99.99.x
Hope it helps.
Federico.
11-18-2010 06:46 AM
Hi,
If the ASA is going to continue to use the same range on the outside and the inside then don't change the config.... you just want to have internal servers using the new range 88.88.88.x?
If so.. create the static NATs for the new range and permit the traffic with the outside ACL.
The trick to make this work is that the outside device (ISP) should have a route to 88.88.88.x pointing to the outside IP of the ASA 99.99.99.x
Hope it helps.
Federico.
11-18-2010 01:57 PM
No, its the other way around, I want to use the same ip range on the inside and use different ranges (88.88.88. and 99.99.99.) on the outside...
11-18-2010 02:08 PM
You cannot map a single internal IP to more than one external IPs... unless running 8.3.x code.
Federico.
11-18-2010 02:16 PM
I'm afraid I am not clear in what I need, but its difficult for me since i am a newbe. I dont want to map one internal ip to more than one external ip's, i just want to use two different ranges on the outside...
11-18-2010 02:21 PM
So, to use two different ranges in the outside... is the first answer that I gave you :-)
One range will be assigned to the outside interface of the ASA (no problem here).
The other range will have no interface IP, so you need a route back from the ISP.
Federico.
11-19-2010 10:01 AM
You were right, it works. I'm so sorry for being such a noob. Many thanks man!
11-19-2010 10:13 AM
No problem, I'm glad I could help :-)
Thanks for the rating!
Federico.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: