Solved

Additional IP address on an ASA 5510, best practices?

Posted on 2014-03-25
Last Modified: 2014-03-25
At the moment I have a bog standard setup:

1) An inside port connected to the inside network
2) An outside port with a single static IP
3) NAT to allow my inside users to browse the internet

The outside IP is acquired via PPPoE to an ISP provided DSL router.

Now we have decided to run a web server, and we'd like to use a different IP. I've phoned the ISP, and they have provided a number of IPs, in the same range. The other IPs I'm told need to be statically set.

I'm confused about how to set up this new IP. It seems I can't just add a subinterface IP to the already existing connection (the subnet overlaps). What I'm left with is that I can add a subinterface with its own VLAN, but no IP. Where can I proceed from here?

I was also thinking I could use the new IPs in a NAT pool, allowing me to separate the traffic in a different way. But it's not clear how to do this.
Question by:Titian
5 Comments
 
LVL 4

Accepted Solution

by:
Pancake_Effect earned 500 total points
ID: 39953467
I had to deal with this recently actually with a 5510. I'm not a full-blown networker, but I know enough to get me by.

Okay so on your server you probably have numerous different applications running on it.

However you probably only have one internal IP address on that one server.

The ISP has given you a few different public addresses.

So what you need to do, for each application you want linked to the outside world, is tell the ASA 5510 to link one of your provided public addresses to that specific port and IP address.


So it looks like this:

Outside public address (pick one from your provided pool) > Pick the port you want the web service to run on > Link it to your one local static IP address from the server

Then you would want to use a Public DNS host website to associate the public address with a real world name.



To do this on the ASA 5510 GUI, you want to go to Configuration and go to the NAT settings. Then make the appropriate rules. Below is a screenshot I made of an example. Note that you will have to make a rule for each protocol. If you want to host multiple websites on your server, you will have to tell it to run on different ports. But if you only have one website, you could just leave it at port 80 if you want. In my example I just made an example port using generic HTTP on port 80.

Rules
 

Author Comment

by:Titian
ID: 39953634
So it's simply a matter of putting the IP in a NAT table? How does the ISP gateway device know to send packets my way? All it sees at the moment is the existing public IP.
 
LVL 4

Expert Comment

by:Pancake_Effect
ID: 39953923
On your side that's all you need to do.

The line coming into your facility from your ISP already has that subnet associated with that public address range. So when someone types in that address externally it will direct them to your server. After that you go to a place like GoDaddy to purchase a domain name to associate the public address with the IP (so they don't have to type in the IP address all of the time).

So all you have to do is make use of the public IP, which is done by creating the NAT rule and associating it with a port.
 

Author Comment

by:Titian
ID: 39954139
It worked! And it was even easier than I thought. I had a "Network NAT" set up in ASDM, which combines all the necessary configs. All I did was change the NAT from "Outside" to my new static IP.

I then changed the app that's querying the server to the same IP, and it works.
 

Author Closing Comment

by:Titian
ID: 39954144
It really is as simple as it looks. No need to configure the IPs on interfaces and all that, it's purely NAT.
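
The NAT-only approach from this thread, written as ASA CLI instead of ASDM clicks. This is an added example, not configuration posted by anyone in the thread; it assumes ASA software 8.3 or later (network object NAT), interfaces named `inside` and `outside`, and uses constructed placeholder addresses and hypothetical object and ACL names.

```cisco
! Placeholders (constructed for this example):
!   192.168.1.10  = the web server's inside address
!   203.0.113.10  = one of the additional public IPs from the ISP
!   WEB-SERVER and OUTSIDE-IN are hypothetical names.
!
! Option A: publish only TCP/80 on the new public IP (static PAT).
! Nothing else on the server is reachable through this address.
object network WEB-SERVER
 host 192.168.1.10
 nat (inside,outside) static 203.0.113.10 service tcp www www
!
! Option B (use instead of A, not both): one-to-one static NAT.
! Every port on the server is mapped to the public IP, so the outside
! ACL becomes the only thing limiting exposure.
! object network WEB-SERVER
!  host 192.168.1.10
!  nat (inside,outside) static 203.0.113.10
!
! NAT by itself does not admit inbound traffic. Permit only the published
! service. On 8.3+ the ACL matches the real (inside) address, which is
! why it references the object and not 203.0.113.10.
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER eq www
!
! Only if no ACL is bound to the outside interface yet. If one already
! exists, add the permit line to that ACL instead of binding a new one.
access-group OUTSIDE-IN in interface outside
!
! Checks, run from privileged EXEC mode after applying the config:
! the NAT rule and its hit counts, the active translation, and a
! simulated inbound connection from a constructed external source.
show nat detail
show xlate
packet-tracer input outside tcp 198.51.100.7 12345 203.0.113.10 80
```

A second `packet-tracer` run against a port you did not publish (for example 3389) should end in a drop; if it is allowed, the outside ACL is wider than intended.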