How to I configure multiple IP's on one interface of my Cisco ASA 5505 and/or 5510
I am new to the world of Cisco networking. I've been a user of consumer grade products for a long time, and have a few 3Com switches and WAP's on my network, but we are needing to do more. So I bought a Cisco ASA 5505 and ASA 5510. I'll be asking all sorts of questions in the near future, but I'm going to start with an easy one (I hope)
How do I assign multiple IP's to one (outside) interface?
I have a block of 5 IP's from Comcast that I want to assign to one interface. Then direct traffic based on port and IP to specific NAT'd addresses.
If our addresses are x.x.110.249-253 / 255.255.255.248, how do I assign all these addresses to one interface?
Thanks
How do I assign multiple IP's to one (outside) interface?
I have a block of 5 IP's from Comcast that I want to assign to one interface. Then direct traffic based on port and IP to specific NAT'd addresses.
If our addresses are x.x.110.249-253 / 255.255.255.248, how do I assign all these addresses to one interface?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
When I'm looking at the config for my outside interface, it shows DHCP as the address for the interface. Really I want it to be all 5 IP addresses. Do I need to assign one to it? Or do I just leave it and put in my static routes and access lists? How will the device know that the outside interface is xxx.xxx.110.249-253 if it says the outside address is DHCP? I'm in Configuration-->Interfaces
If you have cable modem service from your ISP, then that is typically a DHCP assignment for the public interface. I would leave it at DHCP for the outside interface.
>>Really I want it to be all 5 IP addresses. Do I need to assign one to it?
You don't assign multiple IP addresses to the interface itself, per se. You just configure the firewall to proxy ARP for additional addresses that you are mapping to inside addresses.
>>Or do I just leave it and put in my static routes and access lists?
I would leave it alone and just put in your static translations (not routes) and your access list statements.
>>How will the device know that the outside interface is xxx.xxx.110.249-253 if it says the outside address is DHCP?
The outside interface will receive it's IP address through DHCP. Comcast has routed those other 5 public IP addresses to your cable modem circuit and the firewall will be configured to proxy ARP for those addresses.
>>Really I want it to be all 5 IP addresses. Do I need to assign one to it?
You don't assign multiple IP addresses to the interface itself, per se. You just configure the firewall to proxy ARP for additional addresses that you are mapping to inside addresses.
>>Or do I just leave it and put in my static routes and access lists?
I would leave it alone and just put in your static translations (not routes) and your access list statements.
>>How will the device know that the outside interface is xxx.xxx.110.249-253 if it says the outside address is DHCP?
The outside interface will receive it's IP address through DHCP. Comcast has routed those other 5 public IP addresses to your cable modem circuit and the firewall will be configured to proxy ARP for those addresses.
ASKER
Thanks. I'm looking forward to gaining better control of my network. Definitely takes a new way of thinking to program the ASA device, even for this simple firewall configuration, than to setup a Linksys router.
Oh, yes...how true, how true. However, the thing that makes it more complicated also makes it way more versatile than a consumer grade router. I've been using the Cisco PIX/ASA for years now and they are marvelous devices.
ASKER