Multiple IP address on one Cisco ASA interface?

Is it possible to configure more than one ip to a Cisco ASA interface using one VLan?

For example, ISP gives us 3 IP address but we have only one physical cable connect to them.

If it is possible, how can I configure it?

Thanks!
Rick1iAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ernie BeekExpertCommented:
You can use one address to assign to the interface. The other ones you can make use of by assigning it through a static or nat command for example.
What exactly is it you want to do?
Rick1iAuthor Commented:
That sound good. I am not quite understand, if I do that, when I ping the NATed public address, will ASA just response the ARP request just like it responses the "actual" interface IP address request? I am asking that is, actually, I want publish the server on second IP address to provide DHCP services. While DHCP also need to response a broadcast request like ARP.

Thanks!
SHEEPCommented:
So you want clients on netA get their ip address from a DHCP server on netB and you have an ASA connecting both networks something like:

netA ----- ASA ------ netB


dhcprelay server 192.168.1.10
dhcprelay enable netA
dhcprelay setroute netA
Rick1iAuthor Commented:
Yeah. However, I also need to to host on netA talk to netB after it got the address.

It is like:

pc-netA----ASA-------netB-server(provide dhcp, www, tftp etc)

pc get IP address belongs to netA range from dhcp. Then the pc access some service from server, like www, tftp etc.

It seems publish server on netA with NAT is a good idea (security concern is OK, they actually all within internal networks), my question is: is if I do what you suggested in first answer, and ping from PC to this NATed Address, will I got echo? If I use PC try to get an IP address, will the NATed server answer ARP directly, just like it is on NetA?

Or I need both of your solution to get this working: static NAT + dhcprelay?

Thank you so much for your help!
SHEEPCommented:
Try this, you will need to change the number of the interfaces and IP addresses to match your network

interface ethernet 0/0
nameif IF_CLIENTS
ip address 192.168.1.1 255.255.255.0
security-level 100
exit

interface ehternet 0/1
nameif IF_SERVERS
ip address 192.168.2.1 255.255.255.0
security-level 100
exit

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

dhcprelay server 192.168.2.10
dhcprelay enable IF_CLIENTS
dhcprelay setroute IF_CLIENTS

This should do the trick, if you want to restrict to what servers/services clients access you will require an access-list. A client should be able to ping the DHCP, or any other server, by its IP address, in this example 192.168.2.10

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.