Solved

Configure two outside IP blocks on an ASA5505

Posted on 2014-02-18
Last Modified: 2014-02-21
Hello,

We have an ASA5505 running 8.2(1) and ASDM 6.2. We recently upgraded to fiber and we were given a second outside IP address block by AT&T, but we can't get it to work with our current outside IP block. AT&T has the first block of IPs assigned to one port on their router and the second block on another port of their router. We have the first outside range plugged into our ASA on port 0/0 (as "Outside") and we just added the second range of IPs on port 0/1 of our ASA (as "outside40"). We need to somehow add this second outside range of IPs so they can be used by outside vendors to get into our LAN. It seems like we need to add a second static route for this new block of IPs to work, but the ASA won't allow it. Is there some way around this or is it just not possible? Any help would be greatly appreciated.

Thanks,
pbmtech
Question by:pbmtech
Assisted Solution

by:Jan Springer
The proper way to do it (if you only needed an additional assignment) would be for AT&T to route the 2nd subnet to the IP of your existing inside interface.

Then, as you create static NAT entries, it will just work.

Accepted Solution

by: Ken Boone
Actually what needs to happen is that both addresses are used on the same outside interface.  So you have address space A and space B.

Address space A is currently used between ATT and the outside interface of the ASA.

What normally happens when a second block is used is that ATT will add that second address space as a secondary network on their router on the same interface as the first block.

When you build your NAT statements on the ASA, it tells the ASA to handle ARP on the outside interface for these new addresses.  

So you shouldn't have to add a route, or add an extra interface on your ASA for this additional block to work.  Just start building your NAT rules and ACL as if they actually lived on the outside interface.
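What that NAT rule and ACL can look like on ASA 8.2 (pre-8.3 syntax), as an added example that is not part of the original answer. Every address, the port and the ACL name `outside_access_in` are constructed placeholders, and the ACL is limited to one vendor source rather than `any`.

```cisco
! Constructed example for ASA 8.2 (pre-8.3 NAT syntax). Placeholders:
!   198.51.100.2  = an address from the second public block (space B)
!   203.0.113.50  = the vendor's source address
!   192.168.1.20  = the inside host the vendor needs to reach
!   outside_access_in = assumed name of the ACL bound to outside
!
! No extra interface and no extra route for block B. The static below
! makes the ASA answer ARP for 198.51.100.2 on the existing outside
! interface, once the ISP has block B on that same segment.

! Proxy ARP on outside must be enabled. It is by default; this line only
! matters if "sysopt noproxyarp outside" was configured earlier.
no sysopt noproxyarp outside

! One-to-one static NAT: block B address -> inside host.
static (inside,outside) 198.51.100.2 192.168.1.20 netmask 255.255.255.255

! Weak form, exposes the host to any source on the Internet:
!   access-list outside_access_in extended permit tcp any host 198.51.100.2 eq 443
!
! Tighter form: vendor source only, required port only.
! On 8.2 the ACL matches the mapped (public) address, not the real one.
access-list outside_access_in extended permit tcp host 203.0.113.50 host 198.51.100.2 eq 443

! Bind the ACL inbound on outside (skip if it is already applied).
access-group outside_access_in in interface outside

! Checks after applying:
!   show xlate                          (static translation is present)
!   show access-list outside_access_in  (hit counts on the vendor line)
!   packet-tracer input outside tcp 203.0.113.50 1025 198.51.100.2 443
!   packet-tracer input outside tcp 192.0.2.99 1025 198.51.100.2 443
! The first trace should end in "allow"; the second, from a non-vendor
! source, should be dropped by the access list.
```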

Assisted Solution

by:Jan Springer
Darn it, I meant outside interface.

Author Comment

by:pbmtech
ID: 39868159
Ok great. We were stumped on this one and were not sure where to go from here. I will contact AT&T and request that they put the new IP Block on the same address space as the first. Thanks to both of you for the quick response!