Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 817
  • Last Modified:

Cisco ASA External IP on Server Behind ASA - Polycom VBP

I have polycom device that needs to have a public ip address because it is it's own nat device. I have my one ip address that i use for my asa that points to his default route.  So IP 123.123.123.33 with a gateway of 123.123.123.34 on a slash/30 network. Are ISP also gives us a 142.142.142.0 -31 /27 network to use for our services behind our firewall. Normally I give the internal server an internal network address and create a NAT rule to point to it. But in this instance they say it needs to have it's own public address.  How can I do this on an ASA?


0
bml104
Asked:
bml104
  • 2
1 Solution
 
jmeggersCommented:
This is tricky because the ASA doesn't support secondary addresses.  My thought would be to create a DMZ and use the second public address block in the DMZ, assigning one of those addresses to the Polycom device.  No NATing traffic coming in from the outside to the DMZ, but you would NAT between outside and inside, and DMZ and inside.  As long as the ISP knows where the 142 block is, that it has a next-hop IP address of the outside interface of the ASA, it should be reachable.  
0
 
bml104Author Commented:
Okay I just got of the phone with my ISP and I suggested this to them and they said it should work. So let me try and recreate this issue.

So my IP rainge is 2.2.2.0 /27  Some of these IP addreses are already used by the ASA as Static NATs for existing servers in m non-dmz network.  So if I add a DMZ and make the gateway 2.2.2.1, I will be able to assing devices behind that DMZ interface 2.2.2.0/27 addresses?

So if requst for the devices that have a Static NAT will go to their correct non dmz devices and request for 2.2.2.0/27 will go to the DMZ. Is this correct?
0
 
bml104Author Commented:
I actually got it working by adding the gateway IP to the DMZ interface and adding the server to the DMZ network with the proper IP. Everything seems to work thanks!
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now