New Member

How can you handle non-overlapping WAN subnets with an ASA

Greetings,

Our ISP has given us a second range of IPs as we were running out.  Unfortunately, they can only give us two non-overlapping ranges.  I am running two ASA 5520s in failover to handle our traffic but I don't know the best way to use both external ranges.  This is not a failover scenario -- and I need outward-facing servers on both ranges.  It is advantageous to us to keep the two external subnets separating two of our operations so we don't want to bring everything into one subnet (long story).

I have one NIC designated outside that will need to cater for both WANs.  As there are two subnets there are two gateways.  How do I keep the traffic on track?

Thanks

Charlie

4 REPLIES
New Member

I have the same scenario to be resolved.

New Member

I have an update on this and how it was solved at least in part.

1. I configured our ASA with only our principal subnet and gateway.

2. Our ISP was able to route all our subnets to the ASA.

3. Using static NATs I was able to route traffic on the non-overlapping subnet to the public-facing server.

I was using the ASDM and created the public server using Firewall > Public Server.  This works for incoming traffic but not for outgoing.  Going to whatsmyip.org shows the IP of the firewall on the primary subnet.  To solve this I had to recreate the NAT rule manually and place it above the general rules for the servers subnet.

In the end it was not that hard but for a newbie it caused some sleepless nights. :-)  The learning curve is steep.
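The rule ordering described in the post above, sketched as an added example that is not part of the original thread or the poster's actual configuration. It assumes ASA 8.3 or later NAT syntax and an interface named `inside`; every address (RFC 5737 documentation ranges) and object name is a constructed placeholder.

```cisco
! Constructed placeholders: primary range 203.0.113.0/24,
! secondary range 198.51.100.0/24 (routed to the ASA by the ISP),
! servers on 192.168.10.0/24 behind the interface assumed to be "inside".

! Only the primary range is configured on the outside interface,
! with a single default route to the primary gateway.
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1

object network SRV-REAL
 host 192.168.10.20
object network SRV-PUBLIC
 host 198.51.100.20
object network SERVERS-NET
 subnet 192.168.10.0 255.255.255.0

! Manual static NAT inserted at line 1 so it is evaluated before the
! general dynamic PAT rule. Static NAT is bidirectional: inbound
! connections to 198.51.100.20 reach the server, and connections the
! server initiates leave with 198.51.100.20 as their source.
nat (inside,outside) 1 source static SRV-REAL SRV-PUBLIC

! General rule for the rest of the subnet: PAT to the outside interface
! address. If this rule were matched first, the server's outbound traffic
! would show the firewall's primary-range address instead.
nat (inside,outside) source dynamic SERVERS-NET interface

! Inbound access to the server is still governed by the outside ACL,
! written against the real (inside) address in 8.3 and later.
access-list OUTSIDE-IN extended permit tcp any object SRV-REAL eq www
access-group OUTSIDE-IN in interface outside

! Verification: rule order, then the translation an outbound flow gets.
show nat detail
packet-tracer input inside tcp 192.168.10.20 12345 192.0.2.50 80
```

In the `packet-tracer` output, the NAT phase should name the static rule and show the source translated to the secondary-range address; if it names the dynamic rule instead, the static rule sits too low in the table.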

New Member

Dear Charlie,

Have you dropped the public IP from the ISP on the ASA, or does it first drop at a router? In my opinion, if we use a router in front of the ASA then we can easily route both blocks towards the ASA.

New Member

Good afternoon,

The ASA has the ISP's public gateway and I only have one configured (from the primary subnet range); even though it is not part of the secondary subnet, this does not seem to matter.  I don't know what router tricks the ISP is doing but they are a major outfit with some sharp guys on the staff.  They acted like it was not a big deal.

I am not sure I have answered your question.
