Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Second public IP on ASA 5512-x

We use a Cisco ASA 5512-x and have an external IP block from *.*.*.40 to *.*.*.46. The internet connection is delivered on a next hop .50 where the ASA routes the traffic.

At the moment we have a Polycom HDX wich uses the .42 IP adress and we installed an Exchange and Lync server. We want to use a new public IP (.43) for these servers with ports 25, 80, 444 and 5061.

The .42 IP address is being picked up by a Netgear router with port forwarding to the Polycom. We only use this for some guest accounts wifi. My servers use this internal IP address of the Netgear ( for its internet connection. The situation:

ISP --> ASA --> Netgear --> Polycom HDX

The Netgear is connected to the ASA with the WAN port.

When I want to use the .43 public IP address for my Lync server how do I configure it? Do I need to connect it directly to a port on the ASA or do I need to give the server an extra IP address on it's network adapter (or just a second adapter)? Or can I connect my server to my switch (connected to my Netgear router) and use it that way?

Thank you in advance.                

Super Bronze

Second public IP on ASA 5512-x


I am not sure why there is another NAT device behind the ASA and why the servers are behind this NAT device?

I assume that in your setup the ASA doesnt see the actual IP address of the server directly?

If you can spare a public IP address for only this server by doing Static NAT then I would configure

object network SERVER


nat (sourceint,destinationint) static

And create ACL rules to allow the ports required.

But to be honest seems to me that you would need NAT configurations on the Netgear also?

Best situation would be to have the server so that the ASA can "see"/reach its local IP address directly and configure Static NAT for that local IP address.

Can you clarify the situation a bit. You are talking about a server but are also talking about Polycom which doesnt have anything to do with this server and its NAT configurations?

It might help to see your ASA configurations (without any actual public IP address information)

- Jouni

CreatePlease to create content