Solved

Need some help using multiple subnets on WAN interface for 5510

Posted on 2013-12-06
Last Modified: 2013-12-06
Hello Cisco Experts! I've recently taken over a new role from a co-worker and could really use some expert advice. I'm attempting to set up Outlook Web Access and a secondary MX record over at my failover datacenter. There I have a 5510 which already has an IP assigned by our ISP bound to the WAN interface. I purchased a new block of addresses on a different subnet that I'd like to use for OWA and a secondary MX record at my datacenter. I can't seem to bind more than one public address in a different subnet to the WAN interface, which is how I thought this would work. I further read that the work-around is to use Proxy ARP and NAT. Being new to this, I could really use some step-by-step help in configuring the ASA so the new addresses I have are properly forwarded to Exchange (OWA) and Websense (secondary MX). I can have Cisco support do it but I want to understand how this works so I can be more useful in the future. Many thanks in advance for any assistance!
Question by:First Last
3 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 39701679
What you want to do is create a sub interface and use VLAN.  Here is a post from Cisco forum that describes how:

https://learningnetwork.cisco.com/thread/10502
0
 
LVL 25

Accepted Solution

by:
Ken Boone earned 2000 total points
ID: 39701847
So basically you have something like this:


ISP  - public IP address space - ASA Outside - Inside IP Address space

but now you have the following:

ISP - 2 public IP address spaces - ASA outside - Inside IP Address space

If that is the case, then the ISP simply routes traffic to the new IP address space to the outside IP address of your firewall.

Your ASA DOES NOT have to have an interface on this new public IP address block in order to utilize it. When you set up your NAT rules, you define a host on the inside (or DMZ) that will have a static NAT address of a host on the new IP address block.

When traffic is routed to the ASA for this new block, the ASA knows that that public address you defined in the NAT statement is "published", if you will, on the outside, and will perform the correct translation and pass the traffic appropriately.
0
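
The static NAT approach from the accepted answer, written out as ASA configuration. This is an added example, not configuration from the thread; it assumes ASA 8.3 or later object NAT syntax, interfaces named inside and outside, hypothetical object and ACL names, and constructed addresses (203.0.113.16/28 for the new public block, 192.168.10.0/24 inside).

```cisco
! Added example. Assumes ASA 8.3+ syntax and interface names inside/outside.
! All addresses are constructed: 203.0.113.16/28 stands in for the new public
! block, 192.168.10.0/24 for the inside network.
!
! The outside interface keeps its original ISP address. No interface is
! configured in 203.0.113.16/28; the mapped addresses exist only in NAT.
!
! Exchange server publishing OWA
object network OBJ-OWA
 host 192.168.10.20
 nat (inside,outside) static 203.0.113.18
!
! Websense appliance receiving mail for the secondary MX
object network OBJ-MX2
 host 192.168.10.25
 nat (inside,outside) static 203.0.113.19
!
! Static NAT alone passes nothing inbound. Permit only the one service each
! host publishes. From 8.3 on, the ACL references the real (inside) address.
access-list OUTSIDE-IN extended permit tcp any object OBJ-OWA eq 443
access-list OUTSIDE-IN extended permit tcp any object OBJ-MX2 eq 25
access-group OUTSIDE-IN in interface outside
!
! Verification from the ASA CLI:
!   show nat      lists rules in evaluation order; a broader rule above
!                 the static entry can match first
!   show xlate    shows the static translations once installed
!   packet-tracer input outside tcp 198.51.100.50 40000 203.0.113.18 443
```

The `show nat` output is the place to check the rule ordering problem the question author reports in the follow-up comment.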
 
LVL 1

Author Comment

by:First Last
ID: 39701933
We actually got it working using proxy ARP; we just had to make sure the NAT line was in the right order. We had it at the bottom and it had to be moved up.
0
