?
Solved

Use ASA without internet router

Posted on 2012-09-02
8
Medium Priority
?
195 Views
Last Modified: 2013-07-08
We will be placing some equipment at a Colo. They have assigned us the below IP block. Is it possible to use the ASA without a Internet Router and be able to use the assinged IP block?  If so how do we make it work.

Interface IP assignment
 194.123.100.110/30 4 IP 2 Usable
 194.123.100.110 Network address
 194.123.100.111 GM Router GMswitch26.dllstx03 port 0/19
 194.123.100.112 Customer Router
 194.123.100.113 Broadcast address

 IP block:
 194.123.98.128/27 IP Allocation
0
Comment
Question by:gb69
  • 5
  • 2
8 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38360098
You say 'without an internet router'. So what are those two routers showing in your IP assignment at the moment?

Do you mean you want to replace one of those?
0
 
LVL 7

Accepted Solution

by:
kellemann earned 2000 total points
ID: 38360127
It not a problem to use an ip block which is separate from your primary ip block on your outside interface. Simply create NAT statements (or statics depending on your software version) as usual with the new ip addresses. The firewall will begin to listen on those addresses on the outside and it should work without a hitch.

For example (version < 8.3):

static (inside,outside) 194.123.98.129 10.0.1.129 netmask 255.255.255.255

Or (version >=8.3):

object network obj-10.0.1.129
 host 10.0.1.129
 nat (inside,outside) static 194.123.98.129
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38360136
Like kellemann stated, there's no problem using a separate IP block.
The thing here is that the ASA isn't showing in the primary block....

So that brings me back to my first question....
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 7

Expert Comment

by:kellemann
ID: 38360153
Just guessing here, but I think the snippet with the ip addresses is from the ISP's documentation. The ASA's primary address is probably the "customer router".
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38360160
Could be. My guess was that at the moment they use a router as the gateway and want to replace it.
Lets wait and see :)
0
 

Author Comment

by:gb69
ID: 38361052
Thank you for all of the replys and sorry for not being clear.  This is for a new site we are tying to setup. For other sites in the past would use a router and a Asa for this. I'm trying to see if we can just use the Asa by itself.  We are assigned the x.x.100.112 ip to
put a router on using gateway x.x.100.111.
 And from there the /27 subnet would be
used for the Asa's Internet facing ip
addresses. Is there a way to do this and use
 only the Asa?
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38361102
It looks like that should be possible. The 100.111 would be some CPE from the ISP. So the connection to that device is an Ethernet cable? I see no problems then.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 38361111
So use the .112 address on the outside interface of the ASA and use the /27 as you normally would for nat, statics, etc.
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question