Mustafa Osman
asked on
Can I assign secondary IP addresses to Cisco firewall interface?
Can I assign secondary IP addresses to Cisco firewall interface?
ASKER
Thanks
All what I need to do is add an external IP address from one machine in the DMZ to access the internet through that address only do I need an VLAN then? or not?
All what I need to do is add an external IP address from one machine in the DMZ to access the internet through that address only do I need an VLAN then? or not?
well normally the dmz would be an additional physical port on the asa. Is that how it is setup? Do you just need to provide a NAT for this device on the DMZ. Im not clear on exactly what you are trying to accomplish.
ASKER
The MAC Mini is in the DMZ, we need this machine to send all the traffic to the internet through a specific IP address and a port number. We currently have one Outside connection to the internet from the ASA. can we have another IP address on the ASA without additional physical connection to the internet or?
I hope I am being clear as I could see the confusion there
thanks
I hope I am being clear as I could see the confusion there
thanks
Ok so let me ask a few questions as I am not 100% yet on what you want.
The MAC Mini in the DMZ... Does it simply just need to reach the internet?
or
Do folks on the internet need to reach it on a certain port?
The MAC Mini in the DMZ... Does it simply just need to reach the internet?
or
Do folks on the internet need to reach it on a certain port?
ASKER
Thank you I must admit I am a little confused myself.
Well basically the firewall has three interfaces one to the DMZ, the other to the internal network and the third to the outside world
Now we need to give the MAC mini a reserved IP address, direct all the traffic from the internet to reach that machine on port 22.
I am doing that remotely....obviously there will be someone at the site who will add the MAC mini and assign it an IP address.
Will I need another physical connection from the firewall connected to the outside world or I can use sub-interfaces? Second, can I direct all the traffic from the internet meant for that machine to reach that machine on port 22?
Thanks
Well basically the firewall has three interfaces one to the DMZ, the other to the internal network and the third to the outside world
Now we need to give the MAC mini a reserved IP address, direct all the traffic from the internet to reach that machine on port 22.
I am doing that remotely....obviously there will be someone at the site who will add the MAC mini and assign it an IP address.
Will I need another physical connection from the firewall connected to the outside world or I can use sub-interfaces? Second, can I direct all the traffic from the internet meant for that machine to reach that machine on port 22?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you need to do that, configure the ASA with sub interfaces and assign the appropriate vlans to them. Then put the the address on a different vlan. Trunk both vlans from the switch to the ASA.
Here is a document that describes this:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/intrface.html#wp1044006