Solved

Need some help using multiple subnets on WAN interface for 5510

Posted on 2013-12-06
Last Modified: 2013-12-06
Hello Cisco Experts! I've recently taken over a new role from a co-worker and could really use some expert advice. I'm attempting to set up Outlook Web Access and a secondary MX record over at my failover datacenter. There I have a 5510 which already has an IP assigned by our ISP bound to the WAN interface. I purchased a new block of addresses on a different subnet that I'd like to use for OWA and a secondary MX record at my datacenter. I can't seem to bind more than one public address in a different subnet to the WAN interface, which is how I thought this would work. I further read that the work-around is to use Proxy ARP and NAT. Being new to this, I could really use some step-by-step help in configuring the ASA so the new addresses I have are properly forwarded to Exchange (OWA) and Websense (secondary MX). I can have Cisco support do it but I want to understand how this works so I can be more useful in the future. Many thanks in advance for any assistance!
Question by:First Last
3 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 39701679
What you want to do is create a sub interface and use VLAN.  Here is a post from Cisco forum that describes how:

https://learningnetwork.cisco.com/thread/10502
 
LVL 25

Accepted Solution

by:
Ken Boone earned 500 total points
ID: 39701847
So basically you have something like this:


ISP  - public IP address space - ASA Outside - Inside IP Address space

but now you have the following:

ISP - 2 public IP address spaces - ASA outside - Inside IP Address space

If that is the case, then the ISP simply routes traffic to the new IP address space to the outside IP address of your firewall.

Your ASA DOES NOT have to have an interface on this new public IP address block in order to utilize it. When you set up your NAT rules, you define a host on the inside (or DMZ) that will have a static NAT address of a host on the new IP address block.

When traffic is routed to the ASA for this new block, the ASA knows that that public address you defined in the NAT statement is "published", if you will, on the outside, and will perform the correct translation and pass the traffic appropriately.
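The static NAT arrangement described in the accepted answer, sketched as an ASA configuration. This is an added example, not configuration from the thread: it assumes ASA software 8.3 or later (object NAT syntax), and every address (RFC 5737 and RFC 1918 ranges) and every object and ACL name is a constructed placeholder.

```cisco
! Constructed example. Assumed layout:
!   outside interface : 198.51.100.2/30 (original ISP-assigned address, unchanged)
!   new public block  : 203.0.113.0/28  (no interface address is taken from it)
!   inside servers    : 10.10.10.20 (Exchange/OWA), 10.10.10.25 (Websense)

! One object per published host; the static NAT lives inside the object.
object network OWA-SERVER
 host 10.10.10.20
 nat (inside,outside) static 203.0.113.10
!
object network WEBSENSE-MX
 host 10.10.10.25
 nat (inside,outside) static 203.0.113.11
!
! Publish only the service each host needs. On 8.3+ the ACL matches the
! real (inside) address, not the mapped public address.
access-list OUTSIDE-IN extended permit tcp any object OWA-SERVER eq https
access-list OUTSIDE-IN extended permit tcp any object WEBSENSE-MX eq smtp
!
! If an ACL is already bound to the outside interface, add the two permit
! lines to that ACL instead; binding a new one replaces the existing binding.
access-group OUTSIDE-IN in interface outside
!
! Checks to run from the ASA CLI afterwards:
!   show nat detail    rules in evaluation order with hit counts; manual NAT
!                      (section 1) is evaluated before object NAT (section 2),
!                      so a broad rule higher up can match first
!   show xlate         confirms the static translations are installed
!   packet-tracer input outside tcp 192.0.2.50 40000 203.0.113.10 443
!                      walks a simulated inbound HTTPS connection through
!                      un-NAT and ACL checks and reports where it is dropped
```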
 
LVL 1

Author Comment

by:First Last
ID: 39701933
We actually got it working using proxy ARP; we just had to make sure the NAT line was in the right order. We had it at the bottom and it had to be moved up.