Cisco ASA and IP Address Ranges

We have  our default IP address we use for our ASA. Lets just say 65.10.10.33/30 with a gateway of 65.10.10.34. We also have another range of IP addresses lets say 63.10.10.0/27  63.10.10.0 - 31. with a gateway of 65.10.10.1.

So we normally setup services on the ASA to use a static nat internal to external and apply the 63.10.10.x ip on the ASA.  But now we have a device that needs direct access to the internet. Can i just take the connection from the ASA and put it into a switch? Then plug my ASA into the switch? It should work but what bout another device? Can i just add the IP Subnet and Gateway to another device and plug it in the switch also? This should give me direct non firewalled access to to this device right?
LVL 1
bml104Asked:
Who is Participating?
 
Ernie BeekExpertCommented:
As long as you keep that at the outside of the pix, that should work.
Assuming I read this right :)
0
 
gavvingCommented:
Yes that will work fine normally.  It sounds like you have 2 IP subnets configured on your Internet router and they are on the same interface.  Thus you should be able to take the cable going into the ASA, move it to a switch, plug the ASA into the switch.  Plug the new device into the switch and configure it with an unused external IP address with the normal default gateway.  

One issue you can run into is duplex/speed mismatch.  If the ethernet port on your ASA is hard coded for full duplex, then you'd have to make sure that the switch your plugging into is hard coded for full duplex as well, or you can reconfigure the port on the ASA to be auto-negotiate.  To make sure you dont have this problem after doing the work, do an Internet speed test before and after and compare them, they should be the same or close to it.  Also you can check "show int" on the ASA to make sure you dont see any input errors.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.