• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 849
  • Last Modified:

Multiple IP address on one Cisco ASA interface?

Is it possible to configure more than one ip to a Cisco ASA interface using one VLan?

For example, ISP gives us 3 IP address but we have only one physical cable connect to them.

If it is possible, how can I configure it?

Thanks!
0
Rick1i
Asked:
Rick1i
  • 2
  • 2
1 Solution
 
Ernie BeekExpertCommented:
You can use one address to assign to the interface. The other ones you can make use of by assigning it through a static or nat command for example.
What exactly is it you want to do?
0
 
Rick1iAuthor Commented:
That sound good. I am not quite understand, if I do that, when I ping the NATed public address, will ASA just response the ARP request just like it responses the "actual" interface IP address request? I am asking that is, actually, I want publish the server on second IP address to provide DHCP services. While DHCP also need to response a broadcast request like ARP.

Thanks!
0
 
SHEEPCommented:
So you want clients on netA get their ip address from a DHCP server on netB and you have an ASA connecting both networks something like:

netA ----- ASA ------ netB


dhcprelay server 192.168.1.10
dhcprelay enable netA
dhcprelay setroute netA
0
 
Rick1iAuthor Commented:
Yeah. However, I also need to to host on netA talk to netB after it got the address.

It is like:

pc-netA----ASA-------netB-server(provide dhcp, www, tftp etc)

pc get IP address belongs to netA range from dhcp. Then the pc access some service from server, like www, tftp etc.

It seems publish server on netA with NAT is a good idea (security concern is OK, they actually all within internal networks), my question is: is if I do what you suggested in first answer, and ping from PC to this NATed Address, will I got echo? If I use PC try to get an IP address, will the NATed server answer ARP directly, just like it is on NetA?

Or I need both of your solution to get this working: static NAT + dhcprelay?

Thank you so much for your help!
0
 
SHEEPCommented:
Try this, you will need to change the number of the interfaces and IP addresses to match your network

interface ethernet 0/0
nameif IF_CLIENTS
ip address 192.168.1.1 255.255.255.0
security-level 100
exit

interface ehternet 0/1
nameif IF_SERVERS
ip address 192.168.2.1 255.255.255.0
security-level 100
exit

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

dhcprelay server 192.168.2.10
dhcprelay enable IF_CLIENTS
dhcprelay setroute IF_CLIENTS

This should do the trick, if you want to restrict to what servers/services clients access you will require an access-list. A client should be able to ping the DHCP, or any other server, by its IP address, in this example 192.168.2.10
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now