Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Discontiguous IP blocks to Same ASA5510

I currently have an ASA5510 that has it initial IP block being provided by the DC, recently the company has had a need for a new IP block which has been given to us by the same DC but is also discontiguous from our original block.  I have ponder best possibilities to configure the outside interface to accept the new block but wanted to get some other opinions.  Any ideas would be greatly appreciated.

Thanks!

2 ACCEPTED SOLUTIONS

Accepted Solutions
Red

Discontiguous IP blocks to Same ASA5510

Hi Nick,

You can use them until and unless those public ip's point towards the ASA outside interface by your service provider, it shoudl be fine, you can configure them on the ASA.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC

Discontiguous IP blocks to Same ASA5510

Yes that will work SP route pointing to your interface will bring traffic upto your outside interface of Firewall and based on your  requirement you can allow traffic by using ACL. Nothing much is really required.

6 REPLIES
Red

Discontiguous IP blocks to Same ASA5510

Hi Nick,

You can use them until and unless those public ip's point towards the ASA outside interface by your service provider, it shoudl be fine, you can configure them on the ASA.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Discontiguous IP blocks to Same ASA5510

So essenstially nothing fancy really needs to be done so the ASA recognizes the new block.  As long as the SP routes that block to the external inteface of my ASA and I create rules to allow the IP block through it will work?

Discontiguous IP blocks to Same ASA5510

Yes that will work SP route pointing to your interface will bring traffic upto your outside interface of Firewall and based on your  requirement you can allow traffic by using ACL. Nothing much is really required.

New Member

Discontiguous IP blocks to Same ASA5510

alright great, guess i was over thinking it.  I will give this a shot with some acl rules and get back shortly.

thanks.

Red

Discontiguous IP blocks to Same ASA5510

Sure no problem, let me know if you face any issues.

Varun

Thanks, Varun Rao Security Team, Cisco TAC
Red

Discontiguous IP blocks to Same ASA5510

Yes Nicholas, thats correct, you just need to do the configuration that you have done for the previous /block on the ASA.

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
702
Views
0
Helpful
6
Replies
CreatePlease to create content