Mapping public IPs to interfaces

joda776moon
Level 1

Hi, I'm new to the world of ASA and I hope that someone can guide me in the right direction.

We have a 5510 (7.1) with 4 active interfaces and one WAN.

Our ISP has given us a public IP range. We have set up a default route and we have a connection to the internet.

Now we want to ensure that each interface is browsing with separate public IPs and there is no access between the interfaces.

How do we do that?

Hope that some of you gurus can help me along :-)

Best

Jns

5 Replies

cadet alain
VIP Alumni

Hi,

Now we want to ensure that each interface is browsing with separate public IPs and there is no access between the interfaces.

For the second part, just configure the 4 internal interfaces with the same security level and they won't be able to communicate by default.

For the first part, just use dynamic PAT:

For example, you've got 2 internal interfaces named INT1 (192.168.1.0/24) and INT2 (192.168.2.0/24) and you've got the WAN named OUT.

nat (INT1) 1 192.168.1.0 255.255.255.0
nat (INT2) 1 192.168.2.0 255.255.255.0
global (OUT) 1 interface

Also enable ICMP inspection if you want to ping the outside world from your internal interfaces: fixup protocol icmp

Regards

Alain

Don't forget to rate helpful posts.


He wants to have different public IPs for each internal interface. So we need four NAT-Pools:

nat (INT1) 1 Net1/mask
nat (INT2) 2 Net2/mask
nat (INT3) 3 Net3/mask
nat (INT4) 4 Net4/mask

global (outside) 1 IP1
global (outside) 2 IP2
global (outside) 3 IP3
global (outside) 4 IP4

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Hi Karsten,

Oops, my fault, I didn't read carefully what Jens wanted to achieve.

Regards

Alain


Thank you both for spending your time to help me :-)

Well, I just realised that we're running version 9.1 and the NAT has changed - no global command. Any chance you know how to accomplish your solution in v 9.1?

Best

Jns

Hello Jens,

object network Lan_1
 subnet 192.168.10.0 255.255.255.0
object network Lan_2
 subnet 192.168.20.0 255.255.255.0
object network Pool_1
 range 50.50.50.1 50.50.50.10
object network Pool_2
 range 100.100.100.1 100.100.100.10

Then the NAT:

nat (inside,outside) source dynamic Lan_1 Pool_1
nat (dmz,outside) source dynamic Lan_2 Pool_2

I think you get the idea

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
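
An added example, not written by any poster in this thread: a small Python check over a saved running-config that verifies the two goals discussed above, a distinct mapped pool per internal interface and no path between internal interfaces. It assumes 8.3+ manual NAT lines of the form used in the last reply; the function name `audit`, the interface layout and the sample config are constructed for illustration.

```python
import re

# Constructed running-config excerpt (ASA 8.3+ syntax) reusing the reply's pools.
SAMPLE = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1
 nameif inside
 security-level 50
interface Ethernet0/2
 nameif dmz
 security-level 50
object network Pool_1
 range 50.50.50.1 50.50.50.10
object network Pool_2
 range 100.100.100.1 100.100.100.10
nat (inside,outside) source dynamic Lan_1 Pool_1
nat (dmz,outside) source dynamic Lan_2 Pool_2
"""

NAT_RE = re.compile(r"nat \((\S+),(\S+)\) source dynamic \S+ (\S+)")

def audit(config, wan="outside"):
    """Return findings; an empty list means both goals from the thread hold."""
    levels, objects, users, findings = {}, {}, {}, []
    nameif = obj = None
    for s in (line.strip() for line in config.splitlines()):
        word = s.split()
        if s.startswith("object network "):
            obj = word[2]
        elif s.startswith("nameif "):
            nameif = word[1]
        elif s.startswith("security-level ") and nameif:
            levels[nameif] = int(word[1])
        elif obj and word and word[0] in ("range", "host", "subnet"):
            objects[obj] = s  # compare pools by definition, not by object name
        elif s == "same-security-traffic permit inter-interface":
            findings.append("equal-level interfaces are allowed to talk to each other")
        elif (m := NAT_RE.match(s)) and m.group(2) == wan:
            # objects precede nat lines in a running-config, so the lookup resolves
            users.setdefault(objects.get(m.group(3), m.group(3)), set()).add(m.group(1))
    internal = {n: lvl for n, lvl in levels.items() if n != wan}
    if len(set(internal.values())) > 1:
        findings.append(f"internal security levels differ: {sorted(internal.items())}")
    findings += [f"{sorted(i)} share '{p}'" for p, i in sorted(users.items()) if len(i) > 1]
    findings += [f"{n} has no dynamic NAT to {wan}"
                 for n in sorted(set(internal) - set().union(*users.values()))]
    return findings
```

Overlapping but non-identical ranges and object NAT rules (a `nat` line inside an `object network` block) are outside what this check covers.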