Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Mapping public ip's to interfaces

Hi i'm new to the world of asa and i hope that someone can guide me in the right direction.

We have a 5510 (7.1) with 4 active interfaces an one wan

Our ISP have given us a public ip range. We have set up default route and we have connection to the internet.

Now we what to ensure that each interface is browsing with seperate public ip's and there is no access between the interfaces.

How do we do that?

Hope that som of you gurus can help me along :-)

Best

Jns

5 REPLIES
Purple

Mapping public ip's to interfaces

Hi,

Now we what to ensure that each interface is browsing with seperate public ip's and there is no access between the interfaces.

For second part just configure the 4 internal interfaces with same security level and they won't be able to communicate by default.

For first part just use dynamic PAT:

for example you've got 2 internal interfaces named INT1(192.168.1.0/24) and INT2(192.168.2.0/24) and you've got the WAN named OUT.

nat(INT1) 1 192.168.1.0 255.255.255.0

nat(INT2) 1 192.168.2.0 255.255.255.0

global(OUT) 1 interface

Also enable icmp inspection if you want to ping the outside world from your internal interfaces: fixup protocol icmp

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
VIP Purple

Re: Mapping public ip's to interfaces

He wants to have different public IPs for each internal interface. So we need four NAT-Pools:

nat(INT1) 1 Net1/mask

nat(INT2) 2 Net2/mask

nat(INT3) 3 Net3/mask

nat(INT4) 4 Net4/mask

global (outside) 1 IP1

global (outside) 2 IP2

global (outside) 3 IP3

global (outside) 4 IP4

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Purple

Mapping public ip's to interfaces

Hi Karsten,

OUPS my fault I didn't read carefully what Jens wanted to achieve

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Mapping public ip's to interfaces

Thank you both for spending your time to help me :-)

Well i just realised that we're running version 9.1 and the nat has changed - no global command. Any chance for you know to accomplish your solution in v 9.1?

Best

Jns

Mapping public ip's to interfaces

Hello Jens,

Object Network Lan_1

subnet 192.168.10.0 255.255.255.0

Object Network Lan_2

subnet 192.168.20.0 255.255.255.0

object network Pool_1

  range 50.50.50.1 50.50.50.10

object network Pool_2

range 100.100.100.1 100.100.100.10

Then the NAT
nat (inside,outside) source dynamic Lan_1 Pool_1

nat (dmz,outside) source dynamic Lan_2 Pool_2

I think you get the idea

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
173
Views
0
Helpful
5
Replies