New Member

Add a second WAN CIDR range to ASA 5505

Forgive me if this has already been covered, as I couldn't find any clear answers to do this with a lone ASA 5505 running sec plus.

 

How would I go about adding a second /28 CIDR range on another segment given to us by our ISP which is on another segment?

Our outside is configured with 68.2.2.2/255.255.255.255 and we have been given a new block of 98.98.98.0/255.255.255.240. ISP has routed the 98 to the 68 on their side as of now. 

Curious: is the 5505 capable of doing this without a router in front? Any suggestions are welcomed. Thanks!

7 REPLIES

Did they give you a second link or just added the IPs to your current connection? If same connection you could use a basic switch as a "breakout" and use 2 interfaces as your outside connection.

New Member

Good question, no second physical drop. 

Hall of Fame Super Silver

You really do not want to use it as a second physical connection unless you intend to use the second address block only as a backup in case the primary physical connection has a problem. And given the description that the ISP has routed the 98 to the 68 I think it is highly likely that there is only a single physical connection from the ISP. So putting a switch in place to split them does not really buy you any redundancy.

 

What you really want to do is to use the second address block to create a pool of addresses to use for address translation. The ASA5505 should do this quite easily and well.

 

HTH

 

Rick

New Member

Thanks. Yes, we do not want to use a router or switch in front. I do understand the 5505 is not a router, but are there any tricks we could do to add the additional /28 block of IPs from a single ISP drop to our ASA 5505? Would I assign the new /28 to the inside interface?

Hall of Fame Super Silver

You do not need to assign the block to an interface to be able to use it for address translation with the ASA5505.

 

HTH

 

Rick

New Member

Thank you, Richard. 

 

By leveraging PAT to point a 98 address to an internal 172 address, would we be allowed to use one-to-one NAT? 

Hall of Fame Super Silver

You should be able to use 98 addresses to create one to one translations for 172 addresses and you could, if you want, use some 98 addresses to do dynamic NAT.

 

HTH

 

Rick
