Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need help adding a second range of public IP's to my 5510

I needed to purchase a block of 8 IP's for a few new servers and my ISP gave me a set of totally different IP's than what I currently have. How can I add these to my network and is it a pain to setup? The current public IP for my 5510 is 209.254.56.XX with subnet 255.255.255.248. The new set of IP's they gave me are 64.199.37.201-.208 with subnet 255.255.255.248. The .201 is the their router sitting in front of my ASA 5510. They couldn't tell me how to set it up since they claim to not know the PIX. Any help would be greatly appreciated. Thanks.

8 REPLIES
Green

Re: Need help adding a second range of public IP's to my 5510

Are these additional ip's or are you replacing your 209. subnet addresses? I assume these are additional addresses. If so, all you need to do is have them route that subnet to the outside of your pix, write your statics for your servers etc. and that's it.

New Member

Re: Need help adding a second range of public IP's to my 5510

These are additional IP's so I'm not replacing the 209's. So all I need to do is add a static route on the external interface with each new IP address and the new Gateway IP they gave me? Could you give me an example config? I should be able to figure it out once I see it. Thanks.

Green

Re: Need help adding a second range of public IP's to my 5510

"So all I need to do is add a static route on the external interface"

-No, not a static route. As long as the isp is routing the new subnet to you all you have to do is start using it for your new servers like so...

static (dmz,outside) 64.199.37.201 x.x.x.x netmask 255.255.255.255

"and the new Gateway IP they gave me"

-Is this a 2nd connection all together? Is this terminating to another interface on the firewall? I thought you just got more ip addresses.

New Member

Re: Need help adding a second range of public IP's to my 5510

Yes the ISP is routing the new subnet to my PIX. This is all on the same connection so I'm only using a single interface on my PIX for the connection to the ISP's router. They did give me another gateway address for the new list of IP addresses and told me that it was setup on ehternet interface of the router like my current address I use for the 209 network. Do I need anything setup on the PIX so it knows to route all the new IP address traffic to the second IP on the router for the new network? THanks.

New Member

Re: Need help adding a second range of public IP's to my 5510

I had the firewall all setup and I still couldn't get access to my new server but I knew the firewall was right. My ISP finally figured out that they were blocking my new range of IP's so once they fixed that everything started working. Thanks for the help.

Gold

Re: Need help adding a second range of public IP's to my 5510

Assuming you have some sort of router in front of the PIX, ie directly connected to your ISP, you need a static route on that router for the new subnet pointing to your PIX outside interface. From there, you use the addresses just as your normally might - creating NAT entries, and ACL entries.

I assume your ISP is taking care of routing those addresses to your network, right?

New Member

Re: Need help adding a second range of public IP's to my 5510

Yes the ISP has already setup the routing so I'll just add my NAT and ACL entries and let you know how it goes. Thanks.

Re: Need help adding a second range of public IP's to my 5510

your ISP have to route the additional IP block back to your ASA outside interface.

on the ISP router they have to add a static route.

ip route 64.199.37.0 255.255.255.248 ASA_outside_IP

on your ASA simply create your new NAT pool or static NAT and of course your acls.

HTH

Jorge

291
Views
20
Helpful
8
Replies