Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA5510 multiple IP-ranges on interface Ethernet0/0

Hi,

I have an ASA5510 with a couple of servers behind it, using NAT. The configuration of Ethernet0/0 is:

(using fake IP's)

!

interface Ethernet0/0

nameif outside

security-level 0

ip address 99.99.99.40 255.255.255.224

!

The IP-range I can use is 99.99.99.40-62 (on the inside LAN I use 172.16.99.40-62), and they're all in use. Now the provider assigned me another range: 88.88.88.10-32. Is it possible to get this working together with the existing config? I would like the ASA to use the IP's like 88.88.88.40-62 on the outside interface, and use 172.16.99.10-32 on the inside...

I am not sure how to do this, and since the ASA is production I would not like to just trial and error...

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA5510 multiple IP-ranges on interface Ethernet0/0

Hi,

If the ASA is going to continue to use the same range on the outside and the inside then don't change the config.... you just want to have internal servers using the new range 88.88.88.x?

If so.. create the static NATs for the new range and permit the traffic with the outside ACL.

The trick to make this work is that the outside device (ISP) should have a route to 88.88.88.x pointing to the outside IP of the ASA 99.99.99.x

Hope it helps.

Federico.

7 REPLIES

Re: ASA5510 multiple IP-ranges on interface Ethernet0/0

Hi,

If the ASA is going to continue to use the same range on the outside and the inside then don't change the config.... you just want to have internal servers using the new range 88.88.88.x?

If so.. create the static NATs for the new range and permit the traffic with the outside ACL.

The trick to make this work is that the outside device (ISP) should have a route to 88.88.88.x pointing to the outside IP of the ASA 99.99.99.x

Hope it helps.

Federico.

New Member

Re: ASA5510 multiple IP-ranges on interface Ethernet0/0

No, its the other way around, I want to use the same ip range on the inside and use different ranges (88.88.88. and 99.99.99.) on the outside...

Re: ASA5510 multiple IP-ranges on interface Ethernet0/0

You cannot map a single internal IP to more than one external IPs... unless running 8.3.x code.

Federico.

New Member

Re: ASA5510 multiple IP-ranges on interface Ethernet0/0

I'm afraid I am not clear in what I need, but its difficult for me since i am a newbe. I dont want to map one internal ip to more than one external ip's, i just want to use two different ranges on the outside...

Re: ASA5510 multiple IP-ranges on interface Ethernet0/0

So, to use two different ranges in the outside... is the first answer that I gave you  :-)

One range will be assigned to the outside interface of the ASA (no problem here).

The other range will have no interface IP, so you need a route back from the ISP.

Federico.

New Member

Re: ASA5510 multiple IP-ranges on interface Ethernet0/0

You were right, it works. I'm so sorry for being such a noob.  Many thanks man!

Re: ASA5510 multiple IP-ranges on interface Ethernet0/0

No problem, I'm glad I could help :-)

Thanks for the rating!

Federico.

1679
Views
0
Helpful
7
Replies