Cisco Support Community

New Member

secondary ip on ASA

Hi,

I'm looking at a phased migration from PIX to ASA and our ISP is currently routing a separate public subnet through the PIX into our network. As the IP of the PIX pair is used in their routing tables, and the ASAs are being commissioned on different public IPs (it's too complex to just keep the same IPs for other reasons), I'd ideally like to be able to take the IP being used as the routing hop and keep it on the ASAs as a secondary IP or suchlike, without having to liaise with the ISP to do a timed routing change, which is never fun. This would also give a nice bit of abstraction from hardware IPs and functional IPs. If this was an IP being used for a NAT or such then obviously that move would be simple, but as this is a routing hop, the NAT wouldn't make sense (would it?)

If this were IOS, I'd personally be looking at an HSRP IP, but on ASA I don't think this is possible, but hopefully someone might be able to prove me wrong.

Thanks

Chris

5 REPLIES
Bronze

Re: secondary ip on ASA

This sample configuration shows how to set up multiple VPN Group Clients to use different VLANs after the IPsec tunnel is established with the PIX 500 Series Security Appliance.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806ab788.shtml

New Member

Re: secondary ip on ASA

Erm, thanks. BUT that appears to have nothing to do with the question I asked at all...

Re: secondary ip on ASA

Do you have public servers exposed to the Internet in your PIX & a DMZ?

Are you using this only for NAT?

If it is case 2, it is pretty simple:

On your LAN gateway, put a policy route for a test subnet pointing towards the ASA & test all functionalities.

The default route will be via the PIX.

When everything is OK, just change the default route to the ASA & remove the route map.

New Member

Re: secondary ip on ASA

Thanks,

As above, we do not control the gateway device which is routing to the PIX and ASA internet presentations; this is our service provider. These addresses are not NAT addresses on the devices, but are routed through the devices into our LAN.

Re: secondary ip on ASA

Could you please explain again what your requirement is?
