?
Solved

Configure two outside IP blocks on an ASA5505

Posted on 2014-02-18
4
Medium Priority
?
489 Views
Last Modified: 2014-02-21
Hello,

We have an ASA5505 running  8.2(1) and ASDM 6.2. We recently upgraded to fiber and we were given a second outside IP Address Block by AT&T but can't get them to work with our current outside IP Block. AT&T has the first block of IP's assigned to one port on their Router and the second block on another port of their router. We have the first outside range plugged into our ASA on port 0/0 (as "Outside") and we just added the second range of IP's on port 0/1 of our ASA (as "outside40").  We need to somehow add this second outside range of IP's so they can be used by outside vendors to get into our LAN.  It seems like we need to add a second Static Route for this new block of IP's to work but the ASA won't allow it. Is there some way around this or is it  just not possible? Any help would be greatly appreciated.

Thanks,
pbmtech
0
Comment
Question by:pbmtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 1332 total points
ID: 39868094
The proper way to do it (if you only needed an additional assignment) would be for AT&T to route the 2nd subnet to the IP of your existing inside interface.

Then, as you create static NAT entries, it will just work.
0
 
LVL 25

Accepted Solution

by:
Ken Boone earned 668 total points
ID: 39868101
Actually what needs to happen is that both addresses are used on the same outside interface.  So you have address space A and space B.

Address space A is currently used between ATT and the outside interface of the ASA.

What normally happens when a second block is used is that ATT will add that second address space as a secondary network on their router on the same interface as the first block.

When you build your NAT statements on the ASA, it tells the ASA to handle ARP on the outside interface for these new addresses.  

So you shouldn't have to add a route, or add an extra interface on your ASA for this additional block to work.  Just start building your NAT rules and ACL as if they actually lived on the outside interface.
0
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 1332 total points
ID: 39868132
Darn it, I meant outside interface.
0
 

Author Comment

by:pbmtech
ID: 39868159
Ok great. We were stumped on this one and were not sure where to go from here. I will contact AT&T and request that they put the new IP Block on the same address space as the first. Thanks to both of you for the quick response!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello All, I have been training on Multicast for a while now and whenever I start the topic , I find out that my friends /  Colleagues mention that they do not know how to test Multicast Joins. As most of the multicast would be video traffic and …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question