Solved

Need some help using multiple subnets on WAN interface for 5510

Posted on 2013-12-06
Last Modified: 2013-12-06
Hello Cisco Experts! I've recently taken over a new role from a co-worker and could really use some expert advice. I'm attempting to set up Outlook Web Access and a secondary MX record over at my failover datacenter. There I have a 5510 which already has an IP assigned by our ISP bound to the WAN interface. I purchased a new block of addresses on a different subnet that I'd like to use for OWA and a secondary MX record at my datacenter. I can't seem to bind more than one public address in a different subnet to the WAN interface, which is how I thought this would work. I further read that the workaround is to use Proxy ARP and NAT. Being new to this, I could really use some step-by-step help in configuring the ASA so the new addresses I have are properly forwarded to Exchange (OWA) and Websense (secondary MX). I can have Cisco support do it, but I want to understand how this works so I can be more useful in the future. Many thanks in advance for any assistance!
Question by:First Last
LVL 57

Expert Comment

by:giltjr
ID: 39701679
What you want to do is create a sub interface and use VLAN.  Here is a post from Cisco forum that describes how:

https://learningnetwork.cisco.com/thread/10502
LVL 25

Accepted Solution

by:
Ken Boone earned 2000 total points
ID: 39701847
So basically you have something like this:


ISP  - public IP address space - ASA Outside - Inside IP Address space

but now you have the following:

ISP - 2 public IP address spaces - ASA outside - Inside IP Address space

If that is the case, then the ISP simply routes traffic to the new IP address space to the outside IP address of your firewall.

Your ASA DOES NOT have to have an interface on this new public IP address block in order to utilize it. When you set up your NAT rules, you define a host on the inside (or DMZ) that will have a static NAT address of a host on the new IP address block.

When traffic is routed to the ASA for this new block, the ASA knows that that public address you defined in the NAT statement is "published", if you will, on the outside, and will perform the correct translation and pass the traffic appropriately.
LVL 1

Author Comment

by:First Last
ID: 39701933
We actually got it working using proxy ARP; we just had to make sure the NAT line was in the right order. We had it at the bottom and it had to be moved up.
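
The static NAT approach from the accepted answer, written out as an ASA configuration. This is an added example, not configuration posted by anyone in the thread; it assumes ASA software 8.3 or later, interfaces named inside and outside, and placeholder addresses (10.10.20.x for the internal hosts, 203.0.113.x for the new public block).

```cisco
! Added example. Assumes ASA 8.3+ syntax and nameif "inside" / "outside".
! All addresses and object/ACL names are placeholders:
!   10.10.20.x  = internal hosts
!   203.0.113.x = new public block, routed by the ISP to the ASA outside IP

! Exchange (OWA): real address plus a static mapping into the new block
object network OWA-SERVER
 host 10.10.20.10
 nat (inside,outside) static 203.0.113.10

! Websense (secondary MX)
object network MX2-SERVER
 host 10.10.20.11
 nat (inside,outside) static 203.0.113.11

! Publish only the one service each host needs. On 8.3+ the ACL matches
! the real (inside) address, not the mapped public address.
access-list OUTSIDE-IN extended permit tcp any object OWA-SERVER eq https
access-list OUTSIDE-IN extended permit tcp any object MX2-SERVER eq smtp

! If an ACL is already bound to the outside interface, add the two
! entries above to that ACL instead of binding a new one.
access-group OUTSIDE-IN in interface outside

! Verification:
!   show nat detail   - NAT rules in evaluation order, with hit counts
!   show xlate        - translations currently in the table
!   packet-tracer input outside tcp 198.51.100.25 40000 203.0.113.10 443
```

Manual NAT rules are evaluated before object NAT rules like these, top down, so an earlier rule that matches the same hosts wins; `show nat detail` shows the order actually in effect.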