
Public IP on inside interface ASA 5512

How would I go about giving a server on the inside interface of my ASA a public IP address? I have a /28 on the outside interface and I'd like to give a server a public IP and not NAT.

I'm not sure how to go about getting this done.

show run nat=

nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.0.192_27 NETWORK_OBJ_192.168.0.192_27 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 destination static NETWORK_OBJ_192.168.0.192_27 NETWORK_OBJ_192.168.0.192_27 no-proxy-arp route-lookup
!
object network inside-net
 nat (inside,outside) dynamic interface
object network xsan-net
 nat (xsan,outside) dynamic interface
object network webserver
 nat (inside,any) static X.X.130.147 dns

show run route=

route outside 0.0.0.0 0.0.0.0 X.X.130.145 1


Re:Public IP on inside interface ASA 5512

An easier way would be to split the /28 into 2x /29 and create another interface on the ASA and have your server sit off it.

Sent from Cisco Technical Support Android App

New Member

Public IP on inside interface ASA 5512

Is it not possible on the ASA to have a public IP on the inside interface?

How would I go about splitting to 2x /29? Would that be something I'd do or my ISP?

Re:Public IP on inside interface ASA 5512

Hi Dru,

You can have a /30 for your outside interface connected to the router. You can have one /29 for your server which you can have for your DMZ interface, server and switch VLAN where you can connect... one /30 you can reserve for PAT/NAT.

Say 20.0.0.0/28 is your public IP subnet stack.

20.0.0.0/30 - 20.0.0.1 for your router and 20.0.0.2 for your outside interface of firewall.

20.0.0.4/29 - 20.0.0.5 for DMZ interface, 20.0.0.6 for Switch in DMZ, 20.0.0.7 for Server in DMZ (you can add 3 more servers and name 20.0.0.8, 9, 10 in the future)

20.0.0.12/30 is the reserved subnet for future use. Hope this helps.

Please do rate for the helpful posts.

By

Karthik

Re:Public IP on inside interface ASA 5512

It would be possible, but you would have to break a few networking rules.

What is the /28 your ISP has given you?

Sent from Cisco Technical Support Android App

New Member

Public IP on inside interface ASA 5512

My ISP gave me 173.196.1.1/28

Network is configured this way: ISP <-> ASA5512 <-> Inside Catalyst Switch

The goal is to give a server on the inside the IP 173.196.1.8 without NAT. So the server itself will have 173.196.1.8 and not 192.168.0.33 translated to 173.196.1.8.

I hope that makes sense.

New Member

Re:Public IP on inside interface ASA 5512

I've split my /28 into two /29s

173.196.1.0/29 and 173.196.1.8/29

The first subnet is on the outside interface (GE0/0) and the second one is on interface GE0/3, which I named public

The inside (GE0/1) is the LAN 192.168.0.0/24

So the IP address of outside interface is 173.196.1.1 and the IP to the public interface is 173.196.1.9.

Now how do I configure it so my server (173.196.1.10) can go out to the internet with that IP address?
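An added example, not part of the thread: a small Python check of the split described in the post above, confirming that each planned address is a usable host address in the intended /29. The function names and plan labels are illustrative assumptions; the addresses are the ones quoted in the thread.

```python
import ipaddress

def split_block(block, new_prefix):
    """Split the network containing `block` into subnets of length new_prefix."""
    # ip_interface accepts a host address with a mask, as quoted in the thread.
    return list(ipaddress.ip_interface(block).network.subnets(new_prefix=new_prefix))

def classify(addr, subnets):
    """Return (subnet, role); role is network, broadcast, host or outside-block."""
    ip = ipaddress.ip_address(addr)
    for net in subnets:
        if ip in net:
            if ip == net.network_address:
                return net, "network"
            if ip == net.broadcast_address:
                return net, "broadcast"
            return net, "host"
    return None, "outside-block"

def check_plan(block, new_prefix, plan):
    """plan maps label -> (address, expected subnet). Returns a list of problems."""
    subnets = split_block(block, new_prefix)
    problems, used = [], {}
    for label, (addr, expected) in plan.items():
        net, role = classify(addr, subnets)
        if role != "host":
            problems.append(f"{label}: {addr} is not a usable host address ({role})")
        elif str(net) != expected:
            problems.append(f"{label}: {addr} is in {net}, expected {expected}")
        if addr in used:
            problems.append(f"{label}: {addr} already assigned to {used[addr]}")
        used.setdefault(addr, label)
    return problems

BLOCK = "173.196.1.1/28"  # as quoted in the thread
PLAN = {  # interface and server addresses from the post above
    "outside (GE0/0)": ("173.196.1.1", "173.196.1.0/29"),
    "public (GE0/3)": ("173.196.1.9", "173.196.1.8/29"),
    "server": ("173.196.1.10", "173.196.1.8/29"),
}
# The address first proposed for the server, before the block was split.
EARLIER_GOAL = {"server": ("173.196.1.8", "173.196.1.8/29")}

if __name__ == "__main__":
    print([str(n) for n in split_block(BLOCK, 29)])
    print(check_plan(BLOCK, 29, PLAN))
    print(check_plan(BLOCK, 29, EARLIER_GOAL))
```

After the split, 173.196.1.8 is the network address of the second /29, which is why the server in the post sits on 173.196.1.10 instead.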

Re:Public IP on inside interface ASA 5512

Splitting the /28 that way, you lose 6 IP addresses.
