Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 608
  • Last Modified:

ASA at the PUBLIC/PRIVATE edge. /29 subnet - need to use one of 6 public IP's for dual edge firewall

Hi,

Ill Try and explain :)

Our ISP routes to our /29 subnet. - I imagine to do so they route to our outside interface of our ASA. We have no router attached to the outside interface of our ASA. The outside interface of ASA is attached to a L2 Cisco switch - and then cabled out to net. - I'm presuming then that our ISP's gateway to our subnet is the public IP of the outside interface of our ASA

Ok - with a /29 subnet I have further public IP's to use. - I want to buy a co-edged Polycom firewall for vid-conference. I want to plug the outside interface of this polycom firewall into the external Cisco switch and give it one of our 6 public Ip's. (it will therefore be separate from the ASA. The polycoms firewalls internal interface will then plug into our internal LAN. The vid-conference internally will be on separate vlan to data (internal core switches)

The question I have is will this work? The traffic destined for the polycom outside interface will hit the outside interface of the ASA.(as a route back to the /29 subnet) But then what - Is it so that an ASA wont send traffic out the interface it received on.? to reach the polycom- Or will ARP somehow take care of it ? - discovering the outside interface IP of the polycom?

Sorry this might be simple answer - but I'm unsure if this will work. Thanks - If not what do I need to do. We have 6 public IP's - Do I need an external router outside of ASA - or is there another way? - thanks
0
philb19
Asked:
philb19
  • 2
1 Solution
 
davorinCommented:
I'm not sure that I understand your question completely, but I will try to answer you.
Your ISP has provided you with a /29 subnet of public IP adresses.
You should have 6 IP adresses, subnet mask and also a gateway for your network. The default gateway is the IP address of the port on ISP's router.
I guess one of IPs is being used on external ASA interface and you should have no problems connecting another device on external cisco switch using another IP address.
You can do a simple test. Just configure a laptop with a available public IP, subnet mask, gateway (check GW defined on external ASA interface) and DNS servers and try if you can browse the internet. Most likely browsing will work and that means that you don't need another router.
0
 
philb19Author Commented:
check GW defined on external ASA interface) ??
thanks - helpul but I checked and there is no gateway set on any interface of the ASA

just default route 0.0.0.0 - to ISP IP address - SO if i set the gateway to the ISP IP - i should be right?
0
 
philb19Author Commented:
sorry you right - static routes shows gateway of next hop - thanks for answering - simple answer :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now