Thanks for your comment. Yes, old version of ASA or other band of firewall could able to procedure secondary interfaces as a gateway. (It may require to open another topic later on as I have many different subnets with different VLAN)
There should be more clear talking about network setup.
Three group of IP range:
a. WAN IP - used as a gateway to router
b. Production WAN IPs range - Used to assign user or server
c. private IP range - internal user
Internal User with Private IP range require to access Internet. But no need to map 1-to-1 NAT and external Internet will not able to direct access private LAN
Now is should require 3 interfaces? 1 for WAN, 1 as a DMZ and 1 for INSIDE?
So you are saying that you would have LAN users in both private and public subnets? Have you previously used a Router as those subnets gateway or what is the situation?
A Cisco Router could handle "secondary" address on its interface while the ASA can not. In some older versions it was possible to configure the ASA so that it could act as a gateway for different subnets on a single interface but as its not possible anymore its not really an option to use older software ASA just for this purpose.
So as I said, if the situation is that you have 2 LAN subnets (private and public) you would either have to have their gateways configured on an actual router or have them in separate ASA interfaces.
Though you did not mention is the public subnet meant for the users the only public subnet allocated to you or do you have another public subnet on the WAN edge of the ASA? If you do not have any other public subnet then you would have to further subnet the existing subnet that would enable you to split one part of the public address space to the actual users and one to the WAN interface of the ASA. And since in that case the next hop device from ASA would most likely be an ISP device you would also have to work with them to make sure that they use the same subnet between them and your ASA and also route the other (split) subnet towards your ASA WAN interface IP address so that connections for the LAN users in public subnet would also work.
With regards the ASA NAT configurations the most important thing in new software levels (8.3+) is that you make sure that there is no NAT configurations that would perform NAT for the public subnet so they can connect to the Internet directly with their actual configured IP addresses.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :