Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cisco ASA and IP  Address Ranges

Posted on 2011-10-04
2
Medium Priority
?
224 Views
Last Modified: 2012-05-12
We have  our default IP address we use for our ASA. Lets just say 65.10.10.33/30 with a gateway of 65.10.10.34. We also have another range of IP addresses lets say 63.10.10.0/27  63.10.10.0 - 31. with a gateway of 65.10.10.1.

So we normally setup services on the ASA to use a static nat internal to external and apply the 63.10.10.x ip on the ASA.  But now we have a device that needs direct access to the internet. Can i just take the connection from the ASA and put it into a switch? Then plug my ASA into the switch? It should work but what bout another device? Can i just add the IP Subnet and Gateway to another device and plug it in the switch also? This should give me direct non firewalled access to to this device right?
0
Comment
Question by:bml104
2 Comments
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 36911998
As long as you keep that at the outside of the pix, that should work.
Assuming I read this right :)
0
 
LVL 9

Expert Comment

by:gavving
ID: 36919923
Yes that will work fine normally.  It sounds like you have 2 IP subnets configured on your Internet router and they are on the same interface.  Thus you should be able to take the cable going into the ASA, move it to a switch, plug the ASA into the switch.  Plug the new device into the switch and configure it with an unused external IP address with the normal default gateway.  

One issue you can run into is duplex/speed mismatch.  If the ethernet port on your ASA is hard coded for full duplex, then you'd have to make sure that the switch your plugging into is hard coded for full duplex as well, or you can reconfigure the port on the ASA to be auto-negotiate.  To make sure you dont have this problem after doing the work, do an Internet speed test before and after and compare them, they should be the same or close to it.  Also you can check "show int" on the ASA to make sure you dont see any input errors.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question