Help adding additional external Ip's to Cisco ASA 5505

Posted on 2007-10-18
Medium Priority
Last Modified: 2011-10-03
Hi all, basically I have run out of External ip's and I need to know how to add the new block I ip's I received to my Cisco ASA 5505.  I have a  /28 block that I would like to start using but I don't know how to add it to my current config or if it's even possible?  
We'll say my new block looks as follows:  .2 is the default gateway (.3-17 useable, .18 broadcast) I need to add this to my current config:

: Saved
ASA Version 8.0(2)
enable password names
name 72.x.x.x appserver-ext description External Add
name 192.168.0.x appserver_int description Parlay Games
name 72.x.x.x oracle_db-ext description External Add
name 192.168.0.x oracle_db_int description Oracle / MySql
name 72.x.x.x webserver-ext description External Add
name 192.168.0.x webserver_int description Apache / PHP
name 72.x.x.x Lotto_Site-ext
name 192.168.0.x Lotto_Site-int
interface Vlan1
 nameif inside
 security-level 50
 ip address 192.168.0.x
interface Vlan2
 nameif outside
 security-level 0
 ip address 72.x.x.x
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
object-group network Blink_Servers_int
 network-object host oracle_db_int
 network-object host webserver_int
 network-object host appserver_int
 network-object host Lotto_Site-int
object-group network My_Sql
 network-object host Parlay_Network
 network-object host Trent_Sschwartz
object-group network SSH
 network-object host Parlay_Network
 network-object host Trent_Sschwartz
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service MySql tcp
 port-object eq 3306
object-group service Parlay_Chat tcp
 port-object eq 2156
object-group service Tomcat tcp
 port-object eq 8080
object-group service Parlay_Services tcp
 group-object Parlay_Chat
 group-object Tomcat
 port-object eq www
 port-object eq https
object-group network Blink_Servers_ext
 network-object host oracle_db-ext
 network-object host webserver-ext
 network-object host appserver-ext
 network-object host Lotto_Site-ext
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
static (inside,outside) oracle_db-ext oracle_db_int netmask
static (inside,outside) webserver-ext webserver_int netmask
static (inside,outside) appserver-ext appserver_int netmask
static (inside,outside) Lotto_Site-ext Lotto_Site-int netmask
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 72.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.0.x inside
http Parlay_Network outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet Parlay_Network outside
telnet timeout 5
ssh timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
service-policy global_policy global
prompt hostname context
: end
asdm image disk0:/asdm-602.bin
no asdm history enable
Question by:parlay_user
  • 3
  • 2
LVL 79

Expert Comment

ID: 20104926
The ISP has to route the new block to your outside IP address. Then you can use all of the IP's from .1 -.14 with .15 as the broadcast and nothing reserved as a gateway.

Then, just create new statics using the new IPs.

Author Comment

ID: 20105074
When you say outside IP address, would that be the ip of the firewall interface?
LVL 79

Expert Comment

ID: 20105177
Yes. The ISP must route the new block of IP's to  ip address 72.x.x.x

Author Comment

ID: 20112392
Ok, the isp has routed to 72.x.x.x.  So your saying all I have to do is create new nats using the new ips and I'm good to go?
LVL 79

Accepted Solution

lrmoore earned 2000 total points
ID: 20112460

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month14 days, 13 hours left to enroll

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question