Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

adding a secondary IP to same interface on a Cisco ASA 5510

Posted on 2007-12-03
9
Medium Priority
?
7,220 Views
Last Modified: 2010-11-04
My ISP gave me another block of IPs to use on the same interface. I know I can just add a secondary IP to the interface but what else do I have to do with the second gateway? Right now I just have a "route outside 0.0.0.0 0.0.0.0 y.y.y.y"   command in the config. What else do I have to do to accomplish this 2nd block of IPs?
0
Comment
Question by:fina27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 2000 total points
ID: 20399358
>>"I know I can just add a secondary IP to the interface"

On an ASA, you cannot add a secondary IP address to an interface...are you talking about adding subinterfaces to be used in a VLAN environment, perhaps?

Truthfully, if your ISP has given you a new block of addresses that you want to be able to use, it's really just as simple as configuring static translations for the new block of IP addresses to point to internal IP addresses.  The ASA will perform proxy ARP for the new IP's.  You shouldn't even have to use the second gateway for the new block at all since you're routing would be taken care of by your existing default route.  As long as your ISP is taking care of routing the new block to your connection with them, then you should be OK and not have to specify the second gateway.
0
 

Author Comment

by:fina27
ID: 20399443
Yeah as I was thinking about it more i figured that would be the case about the gateway.

So how can I configure this additional IP block? I just need a little more insight on how to implement it. I can't do a "ip address ip-address mask secondary" command on the interface?


"it's really just as simple as configuring static translations for the new block of IP addresses to point to internal IP addresses." ---- so if I just start doing "static (inside,outside) 'new WAN IP' LAN IP netmask mask"    It will work?
0
 
LVL 28

Expert Comment

by:batry_boy
ID: 20399660
>>I can't do a "ip address ip-address mask secondary" command on the interface?

No, it doesn't support the "secondary" option in the ASA code.

>>so if I just start doing "static (inside,outside) 'new WAN IP' LAN IP netmask mask"    It will work?

As long as your ISP has done their part in routing that new net block to your edge router or device, then yes it will work.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:fina27
ID: 20400341
That didn't work. Should I create a sub-interface?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 20400459
All you have to do is create static 1-1 nat xlates to the new ip range. Done.
0
 

Author Comment

by:fina27
ID: 20400714
can you give me that command?
0
 

Author Comment

by:fina27
ID: 20400796
static (inside,outside) y.y.y.y x.x.x.x netmask mask

y=wan
x=lan


I entered that command and tried to ping it and still cannot. Is there something else?
0
 
LVL 13

Expert Comment

by:td_miles
ID: 20401630
you need to permit the traffic through the interface for the NAT to work.

something like:

access-list 101 permit tcp any host y.y.y.y eq 80
acess-group 101 in interface outside

which would allow traffic to a web server on IP y.y.y.y
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 20402666
You also cannot ping it from inside.
You also need to make sure that your ISP is routing that block of IP's to your PIX's current outside interface IP
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question