Multiple IP address on one Cisco ASA interface?

Posted on 2012-03-30
Last Modified: 2012-04-03
Is it possible to configure more than one ip to a Cisco ASA interface using one VLan?

For example, ISP gives us 3 IP address but we have only one physical cable connect to them.

If it is possible, how can I configure it?

Question by:Rick1i
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 35

Expert Comment

by:Ernie Beek
ID: 37786665
You can use one address to assign to the interface. The other ones you can make use of by assigning it through a static or nat command for example.
What exactly is it you want to do?

Author Comment

ID: 37789520
That sound good. I am not quite understand, if I do that, when I ping the NATed public address, will ASA just response the ARP request just like it responses the "actual" interface IP address request? I am asking that is, actually, I want publish the server on second IP address to provide DHCP services. While DHCP also need to response a broadcast request like ARP.


Expert Comment

ID: 37790682
So you want clients on netA get their ip address from a DHCP server on netB and you have an ASA connecting both networks something like:

netA ----- ASA ------ netB

dhcprelay server
dhcprelay enable netA
dhcprelay setroute netA

Author Comment

ID: 37792023
Yeah. However, I also need to to host on netA talk to netB after it got the address.

It is like:

pc-netA----ASA-------netB-server(provide dhcp, www, tftp etc)

pc get IP address belongs to netA range from dhcp. Then the pc access some service from server, like www, tftp etc.

It seems publish server on netA with NAT is a good idea (security concern is OK, they actually all within internal networks), my question is: is if I do what you suggested in first answer, and ping from PC to this NATed Address, will I got echo? If I use PC try to get an IP address, will the NATed server answer ARP directly, just like it is on NetA?

Or I need both of your solution to get this working: static NAT + dhcprelay?

Thank you so much for your help!

Accepted Solution

SHEEP earned 500 total points
ID: 37793836
Try this, you will need to change the number of the interfaces and IP addresses to match your network

interface ethernet 0/0
ip address
security-level 100

interface ehternet 0/1
ip address
security-level 100

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

dhcprelay server
dhcprelay enable IF_CLIENTS
dhcprelay setroute IF_CLIENTS

This should do the trick, if you want to restrict to what servers/services clients access you will require an access-list. A client should be able to ping the DHCP, or any other server, by its IP address, in this example

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question