• Status: Solved

New Type of Firewall Config (for me)

OK - this is a different type of config for me so I am reaching out for some advice / help. I manage many cisco asa 5520s and I am in the process of converting one asa from a block of 30 outside addresses of to a 50 Meg Cox cable modem with a block of 30 cidr addresses.

Normally I would just reference an outside address and bingo, things would work right.  In this case I found out so far that I could only get internet access through this cable modem by setting up the outside interface of the asa with dhcp - then it grabbed a public wan address, added a route to the asa 5520 and then I had internet access out through the cable modem.

My question / problem / nuance to me is when I reference / assign one of our cidr addresses to a device (like a server) and that is natted from the dmz to the outside address, I don't get access to the device.

I'm thinking I have to do something special to set up these cidr addresses but having never done this before I am reaching out for some advice.

my outside dhcp assigned wan address is 70.168.x.1xx with a gateway of 70.168.x.1

The cidr block I have been assigned from the cable company is

184.185.x.x/27

The cable company also has suggested a default gateway address within the cidr block and a first usable and last usable address.

I must say that I usually look to over complicate things by thinking things are more difficult than they really are.

Can anyone get me pointed in the right direction so I know how to assign these cidr addresses and have them accessible from the outside?

Thanks in advance

Paul
TFGreen
1 Solution
 
Ernie Beek Commented:
"The cable company also has suggested a default gateway address within the cidr block and a first usable and last usable address."

Normally that would mean you use an address from that block, set the default gateway and it should be ok. So in this case that isn't working (?)

Also, when you get a second IP block from a provider, they should take care of the routing for that block to/through the public address of your firewall. Then you should be able to use them the same way as the first block. But here this isn't working and you're forced to use DHCP on the outside.

...........

Looks to me the first thing to do is to consult with the cable company to ask them what they had in mind because this obviously isn't working correctly.
TFGreen (Author) Commented:
There were a few problems that finally fixed this firewall situation. One was a software upgrade from Cisco to 8.4.4.5 and the cable company initially had us configured on the wrong node and after that was corrected they then had to fix the routing on a follow-up call to them.
TFGreen (Author) Commented:
I am selecting this solution as this was what actually fixed the problem we were having.
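
An added example, not part of the original thread or any poster's configuration: what the ASA side of this setup looks like on 8.4 when the outside interface takes its address by DHCP and a DMZ server is published on an address from the provider's /27, with the checks that separate an ASA fault from an upstream routing fault. All addresses, object names and ACL names are constructed placeholders, the interface names `outside` and `dmz` follow the question, and the example assumes the provider routes the /27 to the ASA's DHCP-assigned address.

```cisco
! Constructed addresses standing in for the redacted ones in the thread:
!   routed block   198.51.100.32/27  (placeholder for the provider's /27)
!   DMZ server     192.168.50.10     (placeholder inside address)
!   test client    203.0.113.50      (placeholder Internet host)
! Assumption: the provider routes the /27 to the ASA's DHCP outside address,
! so no ASA interface needs an address inside the /27.

interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ! setroute installs the default route learned from DHCP
 ip address dhcp setroute
!
! 8.3+ object NAT: publish the DMZ server on one address from the block
object network DMZ-WEB
 host 192.168.50.10
 nat (dmz,outside) static 198.51.100.35
!
! From 8.3 on, interface ACLs match the real (pre-NAT) address.
! Permit only the service being published, not "ip any".
access-list OUTSIDE-IN extended permit tcp any object DMZ-WEB eq https
access-group OUTSIDE-IN in interface outside
!
! ---- Verification (exec mode) ----
! 1. Outside address and default route were learned by DHCP
show interface ip brief
show route
! 2. The static translation exists and shows hit counts
show nat detail
! 3. Simulated inbound flow: NAT and ACL phases should end in "allow"
packet-tracer input outside tcp 203.0.113.50 40000 198.51.100.35 443
! 4. Do real packets for the published address reach the ASA at all?
capture CAP-OUT interface outside match tcp any host 198.51.100.35 eq 443
show capture CAP-OUT
no capture CAP-OUT
```

If `packet-tracer` reports the flow as allowed but the capture stays empty during an outside test, traffic for the block is not being delivered to the firewall, which is a provider-side routing issue of the kind the thread ended up resolving.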