Forgive me if this question has been asked in other forms before but I have not been able to find a recent answer.
Does the Cisco ASA platform support /31 RFC 3021 addressing on its interfaces in any of the latest versions of code? We work regularly with a service provider whose default offering is /31 addressing for public addresses and we always have to request at least a /30 address space for the ASA to work with.
It would be really useful to allocate a /31 address to the ASA interface.
As a secondary question linked to this - My understanding is as follows:-
1. For the ASA to terminate VPNs, the public IP address must be the actual outside interface address on the ASA terminating the VPNs.
2. All other firewall activities handling traffic via NAT could use an RFC1918 address on the outside interface with the SP provided public address just configured as NAT address/object NAT.
Are items 1 and 2 above correct statements?
Thanks in advance for any replies and forgive me if these are rather basic questions.
Seems to me that the ASA doesn't support /31 mask subnets. I can't remember ever even trying to use these on ASAs, but I have used them on Cisco routers.
This is the result from my own home ASA5505 9.0(2):
ASA(config)# interface vlan 20
ASA(config-if)# ip add 10.0.255.1 255.255.255.254
ERROR: /31 mask is not allowed
As to your 2 other questions,
1.) For VPNs you will have to use the IP address configured on the ASA interface.
2.) You can use the IP address configured on the ASA interface as the Dynamic PAT IP address for all your internal networks. You can naturally also have additional public subnets (if the ISP provides you those) on that same external interface where the current link network is if you need additional NAT IP addresses.