Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

add one more public IP on ASA

Hi,

Please find my current interface IP.

I want to add one more public IP on it.

interface Ethernet0/0

description ASA Outside segment

speed 100

duplex full

nameif OUTSIDE

security-level 0

ip address 62.173.33.76 255.255.255.240

!

interface Ethernet0/1

description VLAN AGGREGATION point

no nameif

no security-level

no ip address

!

interface Ethernet0/1.2

description INSIDE segment (User)

vlan 2

nameif INSIDE

security-level 100

ip address 192.168.172.1 255.255.255.0

!

interface Ethernet0/1.3

description LAN

vlan 3

nameif LAN

security-level 100

ip address 192.168.173.1 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

please help i will be very greatful.

thanks,

  • Security Management
Everyone's tags (7)
7 REPLIES
Red

add one more public IP on ASA

You have an empty eth0/2 and eth0/3, you can assign the public ip on it.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
New Member

add one more public IP on ASA

Hi Varun,

Please find error message.

FAST-HQ-ASA(config)# interface ethernet0/2

FAST-HQ-ASA(config-if)# ip address 62.173.33.69 255.255.255.240

ERROR: Failed to apply IP address to interface Ethernet0/2, as the network overlaps with interface Ethernet0/0. Two interfaces cannot be in the same subnet.

FAST-HQ-ASA(config-if)#

Please suggest.

Thanks,

Red

add one more public IP on ASA

No, you cannot do that. You cannot assign two public ip's of same subnet on two interfaces, firewall will not allow you, it needs to be of different subnet.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
New Member

add one more public IP on ASA

ok i got it but can please explain me how i do.

i have seen some answer its pasted down.

Re: ASA 5505 v7.2 - multiple public IPs on Outside

Hi did yo tried this way

nat (inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 11.11.11.11


nat (inside) 2 192.168.22.0 255.255.255.0
global (outside) 2 22.22.22.22

New Member

add one more public IP on ASA

I want to create VPN and one public is already assign for internet use 62.173.33.76.

so i want to add one more public IP 62.173.33.69 to configure VPN on ASA.

is it right way what i am thinking.

because on 62.173.33.69 (Public IP) we are running some application and thats why we want to create VPN so i have to add 62.173.33.69 in ASA.

please correct me if i am wrong.

Thanks,

New Member

add one more public IP on ASA

Hi Varun,

I am waiting for reply.

Please suggest me what to do.

Thanks,

Red

add one more public IP on ASA

Hi Hemant,

If you are thinking about terminating the VPN tunnel on the outside interface then you need not add any other IP address on the ASA, you can terminate it on the outside interface.

In the VPN tunnel you can easily identify which particular traffic should go through, and segragate your internet traffic with the VPN traffic.

Thanks,
Varun Rao
Security Team,
Cisco TAC

Thanks, Varun Rao Security Team, Cisco TAC
1892
Views
3
Helpful
7
Replies