Cisco ASA 5505 with /29 subnet on a DSL line
Hello Experts
I have a Cisco ASA 5505 (running 9.2.4). I also have a /29 subnet from my ISP and I need to start using the range of IPs I have been allocated.
At present when I try to use the ip address 58.86.122.216 255.255.255.248..... command against my outside vlan I get the Ignoring netmask. Netmask must be 255.255.255.255 for pppoe interface error. (NB - not my actual IP address....)
I have configured ASAs on non-dialup type connections many times before but never before in this way on a DSL line - this one has me foxed at present. I'd like the subnet configured on my outside vlan so I can statically NAT through to servers on the inside.
Any and all help much appreciated.
I have a Cisco ASA 5505 (running 9.2.4). I also have a /29 subnet from my ISP and I need to start using the range of IPs I have been allocated.
At present when I try to use the ip address 58.86.122.216 255.255.255.248..... command against my outside vlan I get the Ignoring netmask. Netmask must be 255.255.255.255 for pppoe interface error. (NB - not my actual IP address....)
I have configured ASAs on non-dialup type connections many times before but never before in this way on a DSL line - this one has me foxed at present. I'd like the subnet configured on my outside vlan so I can statically NAT through to servers on the inside.
Any and all help much appreciated.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi both
Ken - not quite. Sorry for not being clearer. Until recently this connection had the IP address 58.86.122.216 /32. It was requested to run a couple of servers at this site so the ISP-allocated subnet was expanded to a /29 - keeping that .216 IP address as part of the /29 range to make life easier.
The way I have always worked with ASAs before (on non-DSL lines) is for the outside vlan to have a configuration akin to this:
ip address 95.40.38.132 255.255.255.224
This would allow me to statically NAT any of the available public IP addresses through to inside or DMZ servers.
What I am not clear on is how to configure the /29 on the outside vlan now as the ASA seems insistent on only allowing me a /32 address on the outside vlan.
Ken - not quite. Sorry for not being clearer. Until recently this connection had the IP address 58.86.122.216 /32. It was requested to run a couple of servers at this site so the ISP-allocated subnet was expanded to a /29 - keeping that .216 IP address as part of the /29 range to make life easier.
The way I have always worked with ASAs before (on non-DSL lines) is for the outside vlan to have a configuration akin to this:
ip address 95.40.38.132 255.255.255.224
This would allow me to statically NAT any of the available public IP addresses through to inside or DMZ servers.
What I am not clear on is how to configure the /29 on the outside vlan now as the ASA seems insistent on only allowing me a /32 address on the outside vlan.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Investigating - many thanks - will come back to you once I have been able to try it all out.
ASKER
Thanks for your help - I just assumed (!) that with a /32 snm on the outside nothing would work. Lesson learnt!
If that is the case, you do not need to add the /29 network to the outside interface. Just go ahead and build your NATs and nat to the /29 network IPs as if they are on the outside.
The ISP should be routing the to the /29 subnet by sending traffic to the /30 address of your ASA.
The ASA will receive the traffic and NAT it properly.