Need help adding a second range of public IP's to my 5510

a.grussner
Level 1

I needed to purchase a block of 8 IP's for a few new servers and my ISP gave me a set of totally different IP's than what I currently have. How can I add these to my network and is it a pain to set up? The current public IP for my 5510 is 209.254.56.XX with subnet 255.255.255.248. The new set of IP's they gave me are 64.199.37.201-.208 with subnet 255.255.255.248. The .201 is their router sitting in front of my ASA 5510. They couldn't tell me how to set it up since they claim to not know the PIX. Any help would be greatly appreciated. Thanks.


acomiskey
Level 10

Are these additional ip's or are you replacing your 209. subnet addresses? I assume these are additional addresses. If so, all you need to do is have them route that subnet to the outside of your pix, write your statics for your servers etc. and that's it.

These are additional IP's so I'm not replacing the 209's. So all I need to do is add a static route on the external interface with each new IP address and the new Gateway IP they gave me? Could you give me an example config? I should be able to figure it out once I see it. Thanks.

"So all I need to do is add a static route on the external interface"

-No, not a static route. As long as the isp is routing the new subnet to you all you have to do is start using it for your new servers like so...

static (dmz,outside) 64.199.37.201 x.x.x.x netmask 255.255.255.255

"and the new Gateway IP they gave me"

-Is this a 2nd connection altogether? Is this terminating to another interface on the firewall? I thought you just got more ip addresses.

Yes the ISP is routing the new subnet to my PIX. This is all on the same connection so I'm only using a single interface on my PIX for the connection to the ISP's router. They did give me another gateway address for the new list of IP addresses and told me that it was set up on the Ethernet interface of the router like my current address I use for the 209 network. Do I need anything set up on the PIX so it knows to route all the new IP address traffic to the second IP on the router for the new network? Thanks.

I had the firewall all set up and I still couldn't get access to my new server but I knew the firewall was right. My ISP finally figured out that they were blocking my new range of IP's so once they fixed that everything started working. Thanks for the help.

Assuming you have some sort of router in front of the PIX, i.e. directly connected to your ISP, you need a static route on that router for the new subnet pointing to your PIX outside interface. From there, you use the addresses just as you normally might - creating NAT entries, and ACL entries.

I assume your ISP is taking care of routing those addresses to your network, right?

Yes the ISP has already set up the routing so I'll just add my NAT and ACL entries and let you know how it goes. Thanks.

JORGE RODRIGUEZ
Level 10

Your ISP has to route the additional IP block back to your ASA outside interface.

On the ISP router they have to add a static route.

ip route 64.199.37.200 255.255.255.248 ASA_outside_IP

On your ASA simply create your new NAT pool or static NAT and of course your ACLs.

HTH

Jorge

Jorge Rodriguez
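
The NAT and ACL entries the replies describe, written out as an added example (not posted by anyone in this thread). It keeps the pre-8.3 `static` syntax used above; the DMZ server address 192.168.10.10, the ACL name outside_access_in, HTTPS as the published service and the 198.51.100.10 test source are assumptions, and 64.199.37.202 is used because the original post says .201 is the ISP's router.

```cisco
! Added example. Assumed values: DMZ server 192.168.10.10,
! ACL name outside_access_in, HTTPS (tcp/443) as the published service.

! One-to-one translation: new public address -> DMZ server
static (dmz,outside) 64.199.37.202 192.168.10.10 netmask 255.255.255.255

! Permit only the published service, addressed to the public (translated) IP.
! With pre-8.3 syntax, an inbound ACL on outside matches the public address.
access-list outside_access_in extended permit tcp any host 64.199.37.202 eq 443

! An interface takes one inbound ACL. If "show run access-group" already
! lists an ACL on outside, add the permit line to that ACL and skip this.
access-group outside_access_in in interface outside

! Verify on the ASA
show xlate
show access-list outside_access_in

! Simulate an inbound connection from a test source
! (198.51.100.10 is a documentation address, 12345 an arbitrary source port)
packet-tracer input outside tcp 198.51.100.10 12345 64.199.37.202 443
```

If packet-tracer shows the flow allowed and the ACL hit count stays at zero while outside clients still cannot connect, the traffic is not reaching the firewall, which matches what the original poster found with the ISP.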