
disjointed external static ip's on same ASA5505?

16 years 2 weeks ago #27971 by blacksunshine

This is probably an easy answer, never tried it myself though...

When we switched ISPs, we went from 16 static IPs to what was supposed to be the same; however, the new ISP gave me 3 statics and the rest as a disjointed routed block... the routed block terminates at one of the static IPs.

Is it possible to work this routed block into the same router as the main static ip as a passthrough and then handle them on the back side of the ASA5505 or is this not even possible with the disjointed routed block?
16 years 1 week ago #27991 by S0lo
I'm not sure that I comprehend what you mean by "disjointed routed block". If I may, let me rephrase your question using an example to make sure I understand you right.

For your outside interface, you are given 3 IPs, something like this:

200.10.1.1/30
200.10.1.5/30
200.10.1.9/30

And then a few other disjoint network addresses, something like:

200.10.1.32/29
200.10.1.56/29

And you want to configure your ASA to accept all those IPs as your own public addresses. Is that what you meant?

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
16 years 1 week ago #27999 by blacksunshine
This is what the ISP gave me:

Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248

Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248

I am thinking their calculations are wrong but with the garbage they have been sending me lately, I cannot think straight....

xxx.yyy.239.4 is my ASA5505
16 years 1 week ago #28003 by S0lo

Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248


Yes, this one is wrong, as you said. If the /28 is correct, then the subnet mask should be 255.255.255.240, not 255.255.255.248. I'd check with the ISP again.

Having that cleared up, my question to you is: what do you want to do with that extra range (xxx.yyy.238.240)? For example, do you want to assign them to some web servers that you want to be accessible from the internet? If that is what you want to do, then YES, you can use the static command to map them to your internal server IPs.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
16 years 1 week ago #28005 by blacksunshine
yes, that is what I thought:

Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248

Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248

should be:

Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248

Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.240

That is what I told them; they argued with me for a while... so... can you throw in an example of how to utilize one of those routed block IPs?

I am a Cisco wannabe so I have no clue....
16 years 1 week ago #28009 by S0lo
Sure. Say you have a web server with inside IP 192.160.1.50 and you want the outside (internet) to be able to browse the web pages on the server. You want the public IP for the server to be xxx.yyy.238.241 /28. You use a static command like this:

[code:1]static (inside,outside) xxx.yyy.238.241 192.160.1.50 netmask 255.255.255.255[/code:1]

You also need an access list to allow inbound traffic to enter the outside interface. Something like this:

[code:1]access-list outside_access_in extended permit ip any host xxx.yyy.238.241
access-group outside_access_in in interface outside[/code:1]

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
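
An added example, not part of any post in this thread: a Python check for the prefix/netmask mismatch discussed above, plus a generator for the static and ACL lines that permits only the web ports instead of all IP traffic. Assumptions: 203.0.113.240 (documentation range) stands in for the masked xxx.yyy.238.240 block, the web server listens on TCP 80 and 443, and the function names `check_block` and `asa_publish` are hypothetical.

```python
import ipaddress

def check_block(network_addr, prefix_len, stated_mask):
    """Compare an ISP's stated prefix length with its stated dotted netmask."""
    by_prefix = ipaddress.ip_network(f"{network_addr}/{prefix_len}")
    by_mask = ipaddress.ip_network(f"{network_addr}/{stated_mask}")
    # Addresses the prefix length covers but the stated netmask would leave out.
    missed = [str(a) for a in by_prefix if a not in by_mask]
    return {
        "consistent": by_prefix == by_mask,
        "mask_for_prefix": str(by_prefix.netmask),
        "addresses_by_prefix": by_prefix.num_addresses,
        "addresses_by_mask": by_mask.num_addresses,
        "outside_stated_mask": missed,
    }

def asa_publish(public_ip, inside_ip, routed_block, tcp_ports,
                acl="outside_access_in"):
    """Build a one-to-one static plus an ACL limited to the listed TCP ports."""
    pub = ipaddress.ip_address(public_ip)
    ipaddress.ip_address(inside_ip)  # raises ValueError on a malformed address
    if pub not in ipaddress.ip_network(routed_block):
        raise ValueError(f"{pub} is not inside routed block {routed_block}")
    lines = [f"static (inside,outside) {pub} {inside_ip} netmask 255.255.255.255"]
    # One permit line per published service, rather than "permit ip any host".
    lines += [f"access-list {acl} extended permit tcp any host {pub} eq {p}"
              for p in tcp_ports]
    lines.append(f"access-group {acl} in interface outside")
    return lines

if __name__ == "__main__":
    # Constructed input mirroring the ISP sheet: /28 quoted with a /29 netmask.
    report = check_block("203.0.113.240", 28, "255.255.255.248")
    for key, value in report.items():
        print(f"{key}: {value}")
    # Assumed services for the web server: HTTP and HTTPS only.
    for line in asa_publish("203.0.113.241", "192.160.1.50",
                            "203.0.113.240/28", [80, 443]):
        print(line)
```
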