Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Public IP assigned to host question

My company currently is using a /30 network, 1 public assigned to an ISP  and 1 Public IP assigned to an ASA.  They also use a VPN which the peer  address is the public ip assigned to the outside interface of the ASA.  One of our clients is requesting to access our servers but our servers  must have assigned public IP not private. I have another /27 IP range  givent to me from our ISP and am wondering how I can assign a server a  public IP?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Public IP assigned to host question

The ISP's router, which is your ASA's default gateway, will need a static route pointing the /27 out the interface that faces the ASA's outside interface. Your ASA needs to have static NAT entries using the newly assigned /27. When the ISP's router receives a packet directed to one of the IP addresses that you used on your static NATs, the router will send an ARP request out the customer facing interface. The ASA in turn, since it has static NATs, will reply to those ARP requests with the MAC address of its outside interface. The Intenet router will build the frame using that MAC address as the destination MAC; the frame will be delivered to the ASA's outside interface, and then the ASA will continue its process internally.

6 REPLIES
Hall of Fame Super Silver

Public IP assigned to host question

Bobby

The more common way to solve this is to use an address from the other block and to configure static address translation so that the request coming in from outside will use the public address from the block and the ASA will translate it to the private address that the server uses inside your network.

HTH

Rick

New Member

Public IP assigned to host question

so basically what you are saying is use the /27 as our interface to the ISP from the ASA. and then use the remaining IP's as static nats to hosts?

Hall of Fame Super Silver

Public IP assigned to host question

Bobby

You do not necessarily need to change the interface address. The ASA can use addresses for address translation that are not in the subnet of the interface address.

If you want to change the interface address you certainly can do that. But it is not required.

HTH

Rick

New Member

Public IP assigned to host question

Ah okay, so the reason I am doing this is because when we VPN to our clients they want to make sure our private address isnt clashing with their private address. so they want to use a public address for each server. So when I do this NAT it will ensure that there is not clash?

New Member

Public IP assigned to host question

The ISP's router, which is your ASA's default gateway, will need a static route pointing the /27 out the interface that faces the ASA's outside interface. Your ASA needs to have static NAT entries using the newly assigned /27. When the ISP's router receives a packet directed to one of the IP addresses that you used on your static NATs, the router will send an ARP request out the customer facing interface. The ASA in turn, since it has static NATs, will reply to those ARP requests with the MAC address of its outside interface. The Intenet router will build the frame using that MAC address as the destination MAC; the frame will be delivered to the ASA's outside interface, and then the ASA will continue its process internally.

New Member

Public IP assigned to host question

excellent, thank you so much.

304
Views
0
Helpful
6
Replies