?
Solved

Multiple IP address on one Cisco ASA interface?

Posted on 2012-03-30
5
Medium Priority
?
826 Views
Last Modified: 2012-04-03
Is it possible to configure more than one ip to a Cisco ASA interface using one VLan?

For example, ISP gives us 3 IP address but we have only one physical cable connect to them.

If it is possible, how can I configure it?

Thanks!
0
Comment
Question by:Rick1i
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37786665
You can use one address to assign to the interface. The other ones you can make use of by assigning it through a static or nat command for example.
What exactly is it you want to do?
0
 

Author Comment

by:Rick1i
ID: 37789520
That sound good. I am not quite understand, if I do that, when I ping the NATed public address, will ASA just response the ARP request just like it responses the "actual" interface IP address request? I am asking that is, actually, I want publish the server on second IP address to provide DHCP services. While DHCP also need to response a broadcast request like ARP.

Thanks!
0
 
LVL 1

Expert Comment

by:SHEEP
ID: 37790682
So you want clients on netA get their ip address from a DHCP server on netB and you have an ASA connecting both networks something like:

netA ----- ASA ------ netB


dhcprelay server 192.168.1.10
dhcprelay enable netA
dhcprelay setroute netA
0
 

Author Comment

by:Rick1i
ID: 37792023
Yeah. However, I also need to to host on netA talk to netB after it got the address.

It is like:

pc-netA----ASA-------netB-server(provide dhcp, www, tftp etc)

pc get IP address belongs to netA range from dhcp. Then the pc access some service from server, like www, tftp etc.

It seems publish server on netA with NAT is a good idea (security concern is OK, they actually all within internal networks), my question is: is if I do what you suggested in first answer, and ping from PC to this NATed Address, will I got echo? If I use PC try to get an IP address, will the NATed server answer ARP directly, just like it is on NetA?

Or I need both of your solution to get this working: static NAT + dhcprelay?

Thank you so much for your help!
0
 
LVL 1

Accepted Solution

by:
SHEEP earned 1500 total points
ID: 37793836
Try this, you will need to change the number of the interfaces and IP addresses to match your network

interface ethernet 0/0
nameif IF_CLIENTS
ip address 192.168.1.1 255.255.255.0
security-level 100
exit

interface ehternet 0/1
nameif IF_SERVERS
ip address 192.168.2.1 255.255.255.0
security-level 100
exit

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

dhcprelay server 192.168.2.10
dhcprelay enable IF_CLIENTS
dhcprelay setroute IF_CLIENTS

This should do the trick, if you want to restrict to what servers/services clients access you will require an access-list. A client should be able to ping the DHCP, or any other server, by its IP address, in this example 192.168.2.10
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question