What you are wanting to do is not possible in routed mode. Identity NAT would not work. You would have to assign 220.127.116.11 to a device behind the firewall, but it would not be able to communicate with anything because it won't have a default gateway on the same subnet. Even if you could allocate a block (say a /30) from the class C subnet, the traffic would never get there as the firewall would think those IPs are on the outside interface.
What you could potentially do, and I would definitely not recommend this, is using a second context in transparent mode and passing that subnet through the transparent context. That configuration would get very confusing and make supporting the network much more difficult.
May I ask, what is driving the need to have that IP assigned directly to a device behind the firewall?
Interesting, I already have this set up. I have a /32 on a loopback interface on an internal router/NAT box; internally I am using OSPF to propagate the route... as it's a /32, it's only that address that is being routed and not the whole subnet.
I am doing my NAT closer to where I need it and not on the outside firewall (ASA5520).
From my reading of the NAT stuff on the ASA, identity NAT will force the ASA to stop looking at any other NAT rules and drop down into the routing table.
My concern is I don't really have a test bed, so I was hoping to see if anyone has done the same thing.
Which basically is: some of the /24 is object NAT'ed and some is identity object NAT'ed.
Remember, the ASA is not a router, and due to built-in security features, a lot of the tricks you can use on a router will not work on the ASA. Since it has a /24 assigned to the outside interface, it will not allow a slice of that to be routed to another interface.