Solved

Need some help using multiple subnets on WAN interface for 5510

Posted on 2013-12-06
Last Modified: 2013-12-06
Hello Cisco Experts!  I've recently taken over a new role from a co-worker and could really use some expert advice.  I'm attempting to set up Outlook Web Access and a secondary MX record over at my failover datacenter.  There I have a 5510 which already has an IP assigned by our ISP bound to the WAN interface.  I purchased a new block of addresses on a different subnet that I'd like to use for OWA and a secondary MX record at my datacenter.  I can't seem to bind more than one public address in a different subnet to the WAN interface, which is how I thought this would work.  I further read that the workaround is to use Proxy ARP and NAT.  Being new to this, I could really use some step-by-step help in configuring the ASA so the new addresses I have are properly forwarded to Exchange (OWA) and Websense (secondary MX).  I can have Cisco support do it, but I want to understand how this works so I can be more useful in the future.  Many thanks in advance for any assistance!
Question by:First Last
3 Comments
Expert Comment

by:giltjr
ID: 39701679
What you want to do is create a sub interface and use a VLAN.  Here is a post from the Cisco forum that describes how:

https://learningnetwork.cisco.com/thread/10502
Accepted Solution

by: Ken Boone
ID: 39701847
So basically you have something like this:


ISP - public IP address space - ASA Outside - Inside IP Address space

but now you have the following:

ISP - 2 public IP address spaces - ASA outside - Inside IP Address space

If that is the case, then the ISP simply routes traffic to the new IP address space to the outside IP address of your firewall.

Your ASA DOES NOT have to have an interface on this new public IP address block in order to utilize it.  When you set up your NAT rules, you define a host on the inside (or DMZ) that will have a static NAT address of a host on the new IP address block.

When traffic is routed to the ASA for this new block, the ASA knows that that public address you defined in the NAT statement is "published", if you will, on the outside, and will perform the correct translation and pass the traffic appropriately.
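
The static NAT approach described in this answer, sketched as an added example (not configuration posted by anyone in this thread). It assumes ASA software 8.3 or later and interfaces named inside and outside; every object name, ACL name and address is a placeholder taken from documentation ranges.

```cisco
! Constructed example: all names and addresses are placeholders.
!   203.0.113.0/28  = the new public block (ISP routes it to the ASA outside IP)
!   192.168.10.20   = Exchange/OWA server on the inside
!   192.168.10.25   = Websense mail relay (secondary MX) on the inside
!
! Static one-to-one NAT. The ASA has no interface address in 203.0.113.0/28.
object network OWA-SERVER
 host 192.168.10.20
 nat (inside,outside) static 203.0.113.10
object network MX2-RELAY
 host 192.168.10.25
 nat (inside,outside) static 203.0.113.11
!
! In 8.3 and later the outside ACL matches the real (inside) address,
! not the translated one. Permit only the services being published.
access-list OUTSIDE-IN extended permit tcp any object OWA-SERVER eq https
access-list OUTSIDE-IN extended permit tcp any object MX2-RELAY eq smtp
!
! Only one inbound ACL can be bound per interface. If one is already
! applied to outside, add the permit lines to that ACL instead.
access-group OUTSIDE-IN in interface outside
!
! Verification.
! "show nat" lists rules in evaluation order: manual NAT (section 1) is
! matched before object NAT (section 2), so a broad earlier rule can
! win over the static entries above.
show nat
show xlate
! Expected to be allowed: HTTPS to the published OWA address.
packet-tracer input outside tcp 198.51.100.50 40000 203.0.113.10 443
! Expected to be dropped by the ACL: SMTP to the OWA address.
packet-tracer input outside tcp 198.51.100.50 40000 203.0.113.10 25
```
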
 
Author Comment

by:First Last
ID: 39701933
We actually got it working using proxy ARP; we just had to make sure the NAT line was in the right order. We had it at the bottom and it had to be moved up.