Cisco ASA and IP  Address Ranges

Posted on 2011-10-04
Last Modified: 2012-05-12
We have  our default IP address we use for our ASA. Lets just say with a gateway of We also have another range of IP addresses lets say - 31. with a gateway of

So we normally setup services on the ASA to use a static nat internal to external and apply the 63.10.10.x ip on the ASA.  But now we have a device that needs direct access to the internet. Can i just take the connection from the ASA and put it into a switch? Then plug my ASA into the switch? It should work but what bout another device? Can i just add the IP Subnet and Gateway to another device and plug it in the switch also? This should give me direct non firewalled access to to this device right?
Question by:bml104
    LVL 35

    Accepted Solution

    As long as you keep that at the outside of the pix, that should work.
    Assuming I read this right :)
    LVL 9

    Expert Comment

    Yes that will work fine normally.  It sounds like you have 2 IP subnets configured on your Internet router and they are on the same interface.  Thus you should be able to take the cable going into the ASA, move it to a switch, plug the ASA into the switch.  Plug the new device into the switch and configure it with an unused external IP address with the normal default gateway.  

    One issue you can run into is duplex/speed mismatch.  If the ethernet port on your ASA is hard coded for full duplex, then you'd have to make sure that the switch your plugging into is hard coded for full duplex as well, or you can reconfigure the port on the ASA to be auto-negotiate.  To make sure you dont have this problem after doing the work, do an Internet speed test before and after and compare them, they should be the same or close to it.  Also you can check "show int" on the ASA to make sure you dont see any input errors.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Suggested Solutions

    Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
    Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now