cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1975
Views
0
Helpful
7
Replies

ASA5510 multiple IP-ranges on interface Ethernet0/0

Casperdegeus
Level 1
Level 1

Hi,

I have an ASA5510 with a couple of servers behind it, using NAT. The configuration of Ethernet0/0 is:

(using fake IP's)

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 99.99.99.40 255.255.255.224

!

The IP-range I can use is 99.99.99.40-62 (on the inside LAN I use 172.16.99.40-62), and they're all in use. Now the provider assigned me another range: 88.88.88.10-32. Is it possible to get this working together with the existing config? I would like the ASA to use the IP's like 88.88.88.40-62 on the outside interface, and use 172.16.99.10-32 on the inside...

I am not sure how to do this, and since the ASA is production I would not like to just trial and error...

Thanks!

1 Accepted Solution

Accepted Solutions

Hi,

If the ASA is going to continue to use the same range on the outside and the inside then don't change the config.... you just want to have internal servers using the new range 88.88.88.x?

If so.. create the static NATs for the new range and permit the traffic with the outside ACL.

The trick to make this work is that the outside device (ISP) should have a route to 88.88.88.x pointing to the outside IP of the ASA 99.99.99.x

Hope it helps.

Federico.

View solution in original post

7 Replies 7

Hi,

If the ASA is going to continue to use the same range on the outside and the inside then don't change the config.... you just want to have internal servers using the new range 88.88.88.x?

If so.. create the static NATs for the new range and permit the traffic with the outside ACL.

The trick to make this work is that the outside device (ISP) should have a route to 88.88.88.x pointing to the outside IP of the ASA 99.99.99.x

Hope it helps.

Federico.

No, its the other way around, I want to use the same ip range on the inside and use different ranges (88.88.88. and 99.99.99.) on the outside...

You cannot map a single internal IP to more than one external IPs... unless running 8.3.x code.

Federico.

I'm afraid I am not clear in what I need, but its difficult for me since i am a newbe. I dont want to map one internal ip to more than one external ip's, i just want to use two different ranges on the outside...

So, to use two different ranges in the outside... is the first answer that I gave you  :-)

One range will be assigned to the outside interface of the ASA (no problem here).

The other range will have no interface IP, so you need a route back from the ISP.

Federico.

You were right, it works. I'm so sorry for being such a noob.  Many thanks man!

No problem, I'm glad I could help :-)

Thanks for the rating!

Federico.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: