Cisco Support Community
New Member

Problem accessing another public ip in same subnet

Hi,

I have searched around for a previous post regarding this but can't find an issue similar to mine (or I'm just too stupid to understand that it is).

I have a Cisco 5505 at a small business that I help. The problem is that the ISP is providing public IPs to multiple customers in a /24 subnet. The ASA has a single public IP configured, 8.8.8.8 (not really, just for the example's sake), with a subnet mask of 255.255.255.0.

The web server I have to access is not managed by me and is located in a different location (same town though). It has 8.8.8.115; it is located in the same subnet as the ASA.

How would I make this work? I have tried to configure a static ARP entry for the web server but it just won't work. If I place a computer directly on the outside interface I have no problem accessing the web server.

I am running ASA version 8.2, but I could upgrade if it would help me solve the problem.

Any help with this issue is much appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Erik

The MAC address reported in the ARP collision message, is that the same MAC address shown in the ARP cache on the ASA?

Jon

16 REPLIES
Hall of Fame Super Blue

Erik

Could you clarify the topology in relation to the ASA and the web server, i.e.

1) Is the web server protected by the ASA?

2) What interface has the 8.8.8.8 IP?

3) What interface is the web server located off, e.g. inside, DMZ?

4) Are you using the real public IP on the web server or are you using a private IP and NAT?

Jon

New Member

Thanks for your time Jon.

1. The web server is protected by another firewall that I don't know the type of since I'm not responsible for that location. It is a third party web server.

2. It's not really 8.8.8.8 (I know it is a Google DNS server), it's just to have something to reference in this issue. It is used on the WAN interface on the customer's ASA.

3. The web server will be accessed via the WAN interface since it is not located on the same site but shares the same public subnet with my customer, since their ISP gives out IP addresses from the same /24 subnet. I guess it is to save a couple of public addresses.

4. To access the web server I must use a public address since I can't access it any other way. There is no other path but via the ISP.

I think this is an ASA-specific issue since the third party hasn't had this issue with other firewalls and I can access the web server if I remove the ASA and put the public address on my laptop.

I hope this clarifies the issue, Jon.

Hall of Fame Super Blue

Erik

I'm still not getting this, sorry.

You have an ASA with an outside interface of 8.8.8.8 (I know these are dummy addresses). Is that correct?

If so, the web server has an IP from the same subnet. But the real web server sits behind another firewall.

So this web server must have a different real IP?

How is the other firewall connected to the ASA, i.e. which interface on the ASA?

Jon

New Member

I know that I'm not being clear, it's hard to explain. I have drawn a Visio sketch that I hope clarifies my issue. I have nothing to do with the third-party site, only the Customer site.

Once again, thanks for your time.

[Attached image: Problembeskrivning.png]

Hall of Fame Super Blue

Erik

Okay, so if you replace the ASA with a laptop using the 8.8.8.8 IP it all works?

So are you doing NAT for the internal clients on the ASA, e.g.

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

assuming the clients are connected to the inside interface.

Jon

New Member

That is correct. If I connect a laptop with the public address instead it works. Also, it works from pretty much any other place as long as you are not behind an ASA on the same subnet. I can for example connect from my office.

I am doing NAT:

global (outside) 1 interface

nat (inside) 0 access-list inside_VPNClients

nat (inside) 1 0.0.0.0 0.0.0.0

The clients are connected to the inside interface.

Hall of Fame Super Blue

Erik

What does the ARP table show when you try to connect through the ASA?

From the ASA can you ping the other firewall IP?

Jon

New Member

The ASA has a correct ARP entry for the host.

The other firewall does not respond to pings but other hosts in the public subnet respond to ping.

I don't know if it matters but I do get an entry in the log viewer.

4   Feb 24 2014   13:38:05   405001   Received ARP request collision from 8.8.8.115/0003.fc04.ccbf on interface outside

Hall of Fame Super Blue

Erik

The MAC address reported in the ARP collision message, is that the same MAC address shown in the ARP cache on the ASA?

Jon
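
The comparison asked for in the last reply, as an added example that is not part of the original thread: it extracts the IP/MAC pair from 405001 collision messages and checks it against ARP cache entries. The ARP cache text is a constructed sample in an assumed `interface IP MAC age` layout, the second log line is constructed, and the function names are hypothetical.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
MAC = r"[0-9A-Fa-f.:\-]+"
# Message text of syslog 405001 as quoted in the thread.
COLLISION_RE = re.compile(
    rf"Received ARP (?:request|response) collision from "
    rf"(?P<ip>{IP})/(?P<mac>{MAC}) on interface (?P<ifc>\S+)")
# Assumed ARP cache line layout: <interface> <ip> <mac> <age>
ARP_RE = re.compile(rf"^\s*(?P<ifc>\S+)\s+(?P<ip>{IP})\s+(?P<mac>{MAC})")

def norm_mac(mac):
    """Reduce dotted, colon or dash notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return digits

def parse_arp_cache(text):
    """Map (interface, ip) -> normalized MAC for every parsable line."""
    cache = {}
    for line in text.splitlines():
        m = ARP_RE.match(line)
        if m:
            cache[(m["ifc"], m["ip"])] = norm_mac(m["mac"])
    return cache

def check_collisions(log_text, arp_text):
    """Compare the MAC in each collision message with the cached MAC."""
    cache = parse_arp_cache(arp_text)
    findings = []
    for m in COLLISION_RE.finditer(log_text):
        seen = norm_mac(m["mac"])
        cached = cache.get((m["ifc"], m["ip"]))
        if cached is None:
            verdict = "no-cache-entry"
        else:
            verdict = "match" if cached == seen else "mismatch"
        findings.append({"ip": m["ip"], "interface": m["ifc"],
                         "seen": seen, "cached": cached, "verdict": verdict})
    return findings

# First line is the message from the thread; the rest is constructed sample data.
SAMPLE_LOG = """\
Received ARP request collision from 8.8.8.115/0003.fc04.ccbf on interface outside
Received ARP request collision from 8.8.8.77/0011.2233.4455 on interface outside
"""
SAMPLE_ARP = """\
outside 8.8.8.1 0000.0c07.ac01 12
outside 8.8.8.115 0003.fc04.ccb0 -
"""
```

A `mismatch` verdict means the address the ASA has cached for that IP is not the one the host is announcing on the wire, which is worth checking first when a static ARP entry has been configured by hand.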
