Can a Cisco ASA 5505 be used with multiple IP addresses

ndalmolin_13
Hello SBS and Cisco Experts,

I have a small network that consists of 1 Microsoft SBS 2003 and 10 workstations.  We have one static IP from our ISP (71.39.164.xx).  The DSL modem NATs that address to 192.168.0.1.  Our SBS server has two NICs.  The external NIC has an address of 192.168.0.2.  The internal NIC has an address of 192.16.16.2.  Each workstation is assigned an address via DHCP.  The gateway for each workstation is 192.168.16.2 (the internal NIC on the server).  So basically what is happening is all internet traffic is being routed through the server.  

Our IP address keeps showing up on a CBL blacklist.  I have run scan after scan on the server and everything comes back clean.  I'm as confident as I can be that the issue is not the server itself.  What I want to do is the following:
1.  Purchase a block of static IP addresses from the ISP
2.  Purchase a Cisco ASA 5505
3.  Configure the ASA so that one external IP is used for the server and a different external IP is used for the workstations.

My question is can the ASA do this?  I think it can, but want to be sure before I spend any money.

Thanks,
Nick

It certainly can. You would set up a static NAT address for the server and have the clients use the global PAT address. Are you running ISA on this SBS server, and do you have any problems with your clients using the ASA as their gateway instead of the SBS box?

Cheers,
Juice.
For the blacklist, have you checked the other PCs on the network to make sure they're not infected with malware/spam zombies?  Everything is going out that one static address.  Also make sure you're not an open relay.

The good thing is that with the ASA you can put in a firewall rule to block all traffic except for the Exchange server from communicating on port 25 - and with that, if there are rogue machines you can monitor the firewall log to see what the cause is.
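
The log review suggested above, as an added example that is not part of the original thread: it tallies denied outbound port-25 attempts per inside host from ASA syslog messages 106023 and 106100. The log lines, the ACL name `inside_out` and the destination addresses are constructed; the mail server address is the gateway address given in the question.

```python
import re
from collections import Counter

# Assumption: the SBS/Exchange server's inside address, as given in the question.
MAIL_SERVER = "192.168.16.2"

# %ASA-4-106023: deny from an ACL entry without the "log" keyword.
RE_106023 = re.compile(
    r"%ASA-\d-106023: Deny tcp src [\w-]+:(?P<src>[\d.]+)/\d+ "
    r"dst [\w-]+:(?P<dst>[\d.]+)/(?P<dport>\d+)")
# %ASA-6-106100: deny from an ACL entry with the "log" keyword.
RE_106100 = re.compile(
    r"%ASA-\d-106100: access-list \S+ denied tcp [\w-]+/(?P<src>[\d.]+)\(\d+\) "
    r"-> [\w-]+/(?P<dst>[\d.]+)\((?P<dport>\d+)\)")

# Constructed sample syslog lines (not from a real device).
SAMPLE_LOG = """\
Mar 03 02:14:07 asa %ASA-4-106023: Deny tcp src inside:192.168.16.23/1045 dst outside:198.51.100.7/25 by access-group "inside_out" [0x0, 0x0]
Mar 03 02:14:08 asa %ASA-4-106023: Deny tcp src inside:192.168.16.23/1046 dst outside:203.0.113.9/25 by access-group "inside_out" [0x0, 0x0]
Mar 03 02:14:09 asa %ASA-6-106100: access-list inside_out denied tcp inside/192.168.16.23(1047) -> outside/198.51.100.40(25) hit-cnt 1 first hit [0x0, 0x0]
Mar 03 02:15:30 asa %ASA-6-106100: access-list inside_out denied tcp inside/192.168.16.31(2210) -> outside/198.51.100.7(25) hit-cnt 1 first hit [0x0, 0x0]
Mar 03 02:16:00 asa %ASA-4-106023: Deny tcp src inside:192.168.16.31/2211 dst outside:198.51.100.7/445 by access-group "inside_out" [0x0, 0x0]
Mar 03 02:16:02 asa %ASA-6-302013: Built outbound TCP connection 881 for outside:198.51.100.7/25 (198.51.100.7/25) to inside:192.168.16.2/3301 (203.0.113.10/3301)
""".splitlines()


def smtp_offenders(lines, mail_server=MAIL_SERVER):
    """Return (host, denied_attempts, distinct_destinations) for every inside
    host other than the mail server that was denied outbound TCP/25,
    busiest host first."""
    hits = Counter()
    targets = {}
    for line in lines:
        m = RE_106023.search(line) or RE_106100.search(line)
        if not m or m["dport"] != "25" or m["src"] == mail_server:
            continue  # not a deny, not SMTP, or the legitimate sender
        hits[m["src"]] += 1
        targets.setdefault(m["src"], set()).add(m["dst"])
    return [(src, n, len(targets[src])) for src, n in hits.most_common()]


if __name__ == "__main__":
    for host, attempts, dests in smtp_offenders(SAMPLE_LOG):
        print(f"{host}: {attempts} denied SMTP attempts to {dests} destination(s)")
```

A workstation that repeatedly tries port 25 to many different destinations is the one to pull off the network and inspect first.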

Commented:
That is what the ASA is designed to do.  
