We are moving to a new ISP, but the requirements differ in that the provider only offers a /30 bit subnet for our CISCO ASA 5510 WAN Interface connecting to the ISP upstream router.
INT: 188.8.131.52 /30
They did assign a block of 14 IP addresses to use (/28), but I am guessing I will need to translate this pool of addresses from behind an available DMZ interface.
block: 100.100.100.96 /28
Our current physical/logical the address block is a /28 bit mask and allows us to translate without the extra perimeter - much easier, but this is going bye-bye.
ip address 184.108.40.206 255.255.255.252
ip address 192.168.100.1 255.255.252.0
ip address 10.200.200.1 255.255.255.0
I did get the DMZ and LAN traffic to communicate, by simply using a nat exemption.
How do I translate and get the [10.200.200.x] servers behind the DMZ to provide Internet request, using the 100.100.100.96 /28 (.97-.110) usable?
To allow full LAN Internet access, will I simply translate the LAN traffic (192.168.100.x) to the WAN interface IP, or do I use one of the addresses out of the block of 100.100.100.96 /28?
I also have 2 site to site VPNS - that would need to be reconfigured to connect to the proper endpoint. Would I connect them to the /30 PUBLIC IPS or one of the /28 PUBLIC IPs?
Of course, I will repoint my PUBLIC DNS records, once this is square.