Cisco Support Community

ASA with two IP Ranges

I have two IP ranges coming from one provider over 1 T1, both are /29s. I've recently purchased an ASA 5510 to protect the office, but can't seem to make use of the second range of IPs. I'm connecting to a Cisco 2500 router and it all works fine with no firewall.

I have the second IP of the first range as eth0/0 and the second IP of the second range as eth0/0.1.

I'm sure it has something to do with routing, but I don't know how to specify the "next hop" as I do with the router in the policy route.

I'm at my wits' end and fear that this firewall doesn't have the capabilities I was told it did (by the salesman of course).

Thanks,

Steve


Re: ASA with two IP Ranges

Hi ... if I understood your scenario .. you have 2 public ranges right ..? and I believe you want to use them on the ASA right ..?

Is the ASA going to replace the 2500 router ..?

Can you elaborate a quick network diagram to understand what you are trying to achieve?


Re: ASA with two IP Ranges

Yes, two ranges and want to use them both on the ASA. I intended to leave the 2500 in place as I don't have a T1 card for the ASA.

I've thrown together a quick network diagram of how it "should" work. Just to reiterate the original post though:

From the outside, I can ping the router just fine, but I can only ping the xxx.xxx.239.58 interface; this is because I have a default route on the ASA of xxx.xxx.239.57. There's no route for the xxx.xxx.237.0/29 network on the firewall. (Although oddly, the router can't seem to ping the xxx.xxx.237.2 interface even though they're on the same network.)

The ASA is configured such that Eth0/0 is xxx.xxx.239.58/29 and Eth0/0.1 is xxx.xxx.237.2/29.

Thanks for any help!


Re: ASA with two IP Ranges

Am I to believe that this device cannot handle more than 1 IP range? If anyone could answer before my time is up to return this unit I'd greatly appreciate it.

thanks,

Steve

Re: ASA with two IP Ranges

Your diagram does not look right .. are you able to provide the config of the 2500 router and the ASA?

You have been given 2 public ranges so.

1.- you can configure one public range for connecting the ASA to the router ( I believe you have used x.x.239.56/29 segment ).

2.- The other range can be used as a DMZ on the ASA. You can allocate an IP address to one of its interfaces on this range ( I believe you have used x.x.237.2/29 ).

3.- You can't have x.x.237.1 on the router and x.x.237.2 on the ASA. You need to remove this from the router.

4.- You can use a third interface on the ASA for connecting your internal users.

5.- The ASA will be protecting your internal users in that way.

6.- You also need to make sure your ASA has default gateway pointing to the router.

7.- You need to make sure the router has a static route for x.x.237.0/29 pointing to the ASA.

I hope it helps ... please rate it if it does !!!
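
The seven steps in the reply above, written out as configuration. This is an added example, not part of the original thread and not either poster's actual config. The thread masks the public addresses, so 198.51.100.56/29 stands in for x.x.239.56/29 and 203.0.113.0/29 for x.x.237.0/29; the interface numbers, names, security levels and the inside subnet are assumptions.

```text
! ===== ASA 5510 =====
! Step 1: first /29 is the transit link between the ASA and the 2500.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 198.51.100.58 255.255.255.248
!
! Step 2: second /29 lives on its own physical interface as a DMZ,
! not on a subinterface of the outside port.
interface Ethernet0/1
 nameif dmz
 security-level 50
 ip address 203.0.113.2 255.255.255.248
!
! Steps 4-5: internal users sit behind a third interface
! (192.168.1.0/24 is an assumed private range).
interface Ethernet0/2
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
! Step 6: default route points at the router's address in the transit /29.
route outside 0.0.0.0 0.0.0.0 198.51.100.57 1
!
! Check: both /29s should appear as connected, plus the default route.
! show route

! ===== Cisco 2500 router =====
! Step 3: the router keeps only its transit address. Remove whatever
! interface or secondary address currently carries 203.0.113.1.
interface Ethernet0
 ip address 198.51.100.57 255.255.255.248
!
! Step 7: the second /29 is now reached through the ASA's outside address.
ip route 203.0.113.0 255.255.255.248 198.51.100.58
!
! Check: the /29 should be listed as a static route via 198.51.100.58.
! show ip route 203.0.113.0
```

With this layout the router no longer has an interface in the second range, so every packet for it is forwarded to the ASA and is subject to the ASA's access rules before it reaches a DMZ host.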
