Solved

Configure two outside IP blocks on an ASA5505

Posted on 2014-02-18
Last Modified: 2014-02-21
Hello,

We have an ASA5505 running 8.2(1) and ASDM 6.2. We recently upgraded to fiber and we were given a second outside IP Address Block by AT&T but can't get them to work with our current outside IP Block. AT&T has the first block of IPs assigned to one port on their Router and the second block on another port of their router. We have the first outside range plugged into our ASA on port 0/0 (as "Outside") and we just added the second range of IPs on port 0/1 of our ASA (as "outside40"). We need to somehow add this second outside range of IPs so they can be used by outside vendors to get into our LAN. It seems like we need to add a second Static Route for this new block of IPs to work but the ASA won't allow it. Is there some way around this or is it just not possible? Any help would be greatly appreciated.

Thanks,
pbmtech
Question by:pbmtech
4 Comments
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 333 total points
ID: 39868094
The proper way to do it (if you only needed an additional assignment) would be for AT&T to route the 2nd subnet to the IP of your existing inside interface.

Then, as you create static NAT entries, it will just work.
 
LVL 25

Accepted Solution

by:Ken Boone
Ken Boone earned 167 total points
ID: 39868101
Actually what needs to happen is that both addresses are used on the same outside interface.  So you have address space A and space B.

Address space A is currently used between ATT and the outside interface of the ASA.

What normally happens when a second block is used is that ATT will add that second address space as a secondary network on their router on the same interface as the first block.

When you build your NAT statements on the ASA, it tells the ASA to handle ARP on the outside interface for these new addresses.  

So you shouldn't have to add a route, or add an extra interface on your ASA for this additional block to work.  Just start building your NAT rules and ACL as if they actually lived on the outside interface.
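
The setup the accepted answer describes, as an added example that is not part of the original thread: it assumes ASA 8.2 (pre-8.3) NAT syntax and that the ISP has routed or added the second block on the same link as the first. All addresses, the vendor source range, the service and the ACL name are constructed placeholders.

```cisco
! Added example, ASA 8.2 syntax. Every address below is a constructed placeholder:
!   block A (configured on the outside interface): 203.0.113.0/29
!   block B (second block, no ASA interface):      198.51.100.0/29
!   vendor source range: 192.0.2.0/24    inside server: 192.168.1.10
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
! Single default route via block A's gateway; no route is added for block B.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! Static NAT from a block B address to the inside server.
! The ASA answers ARP for 198.51.100.2 on the outside interface (proxy ARP).
static (inside,outside) 198.51.100.2 192.168.1.10 netmask 255.255.255.255
!
! In 8.2 the outside ACL matches the mapped (public) address.
! Permit only the vendor's source range and the single service it needs,
! rather than "any", since this rule opens a path into the LAN.
access-list outside_access_in extended permit tcp 192.0.2.0 255.255.255.0 host 198.51.100.2 eq https
access-group outside_access_in in interface outside
!
! Proxy ARP must stay enabled on outside; the following line must NOT be present:
!   sysopt noproxyarp outside
!
! Checks to run on the ASA afterwards:
!   show running-config sysopt          (confirm noproxyarp is not set for outside)
!   show xlate                          (confirm the static translation exists)
!   show access-list outside_access_in  (hit counters increase on vendor traffic)
```

With this in place the extra "outside40" interface on port 0/1 is not needed for the second block.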
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 333 total points
ID: 39868132
Darn it, I meant outside interface.
 

Author Comment

by:pbmtech
ID: 39868159
Ok great. We were stumped on this one and were not sure where to go from here. I will contact AT&T and request that they put the new IP Block on the same address space as the first. Thanks to both of you for the quick response!

Question has a verified solution.