- Posts: 12
- Thank you received: 0
disjointed external static ip's on same ASA5505?
- blacksunshine
- Topic Author
- Offline
- New Member
Less
More
16 years 1 month ago #27971
by blacksunshine
disjointed external static ip's on same ASA5505? was created by blacksunshine
disjointed external static ip's on same ASA5505?
This is probably an easy answer, never tried it myself though...
When we switched our isp's, we went from 16 static ip's to what was supposed to be the same however the new isp gave me 3 statics and the rest as a disjointed routed block...the routed block terminates at one of the static ips.....
Is it possible to work this routed block into the same router as the main static ip as a passthrough and then handle them on the back side of the ASA5505 or is this not even possible with the disjointed routed block?
This is probably an easy answer, never tried it myself though...
When we switched our isp's, we went from 16 static ip's to what was supposed to be the same however the new isp gave me 3 statics and the rest as a disjointed routed block...the routed block terminates at one of the static ips.....
Is it possible to work this routed block into the same router as the main static ip as a passthrough and then handle them on the back side of the ASA5505 or is this not even possible with the disjointed routed block?
16 years 1 month ago #27991
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: disjointed external static ip's on same ASA5505?
I'm not sure that I comprehend what you mean by "disjointed routed block". If I may, let me rephrase your question using an example to make sure I understand you right.
For your outside interface, you are given 3 IPs, some thing like this:
200.10.1.1/30
200.10.1.5/30
200.10.1.9/30
And then few other disjoint networks addresses. something like:
200.10.1.32/29
200.10.1.56/29
And you want to configure your ASA to accept all those IPs as your own public addresses. Is that what you meant?
For your outside interface, you are given 3 IPs, some thing like this:
200.10.1.1/30
200.10.1.5/30
200.10.1.9/30
And then few other disjoint networks addresses. something like:
200.10.1.32/29
200.10.1.56/29
And you want to configure your ASA to accept all those IPs as your own public addresses. Is that what you meant?
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
- blacksunshine
- Topic Author
- Offline
- New Member
Less
More
- Posts: 12
- Thank you received: 0
16 years 1 month ago #27999
by blacksunshine
Replied by blacksunshine on topic Re: disjointed external static ip's on same ASA5505?
this is what the isp gave me:
Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248
Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248
I am thinking their calculations are wrong but with the garbage they have been sending me lately, I cannot think straight....
xxx.yyy.239.4 is my ASA5505
Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248
Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248
I am thinking their calculations are wrong but with the garbage they have been sending me lately, I cannot think straight....
xxx.yyy.239.4 is my ASA5505
16 years 1 month ago #28003
by S0lo
Yes this one is wrong as you said. If the /28 is correct then the subnetmask should be 255.255.255.240 not 255.255.255.248. I'd check with the ISP again.
Having that cleared out. My question to you is what do you want to do with that extra range (xxx.yyy.238.240) ? For example, do you want to assign them to some web servers that you to be accessible from the internet ? If that is what you want to do then YES you can use the static command to map them to your internal server IPs.
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: disjointed external static ip's on same ASA5505?
Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248
Yes this one is wrong as you said. If the /28 is correct then the subnetmask should be 255.255.255.240 not 255.255.255.248. I'd check with the ISP again.
Having that cleared out. My question to you is what do you want to do with that extra range (xxx.yyy.238.240) ? For example, do you want to assign them to some web servers that you to be accessible from the internet ? If that is what you want to do then YES you can use the static command to map them to your internal server IPs.
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
- blacksunshine
- Topic Author
- Offline
- New Member
Less
More
- Posts: 12
- Thank you received: 0
16 years 1 month ago #28005
by blacksunshine
Replied by blacksunshine on topic Re: disjointed external static ip's on same ASA5505?
yes, that is what I thought:
Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248
Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248
should be:
Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248
Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.240
that is what I told them, they argued with me for a while...so...can you throw an example of how to utilize one of those routed block ip's.....
I am a cisco wannabe so I have no clue....
Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248
Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248
should be:
Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248
Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.240
that is what I told them, they argued with me for a while...so...can you throw an example of how to utilize one of those routed block ip's.....
I am a cisco wannabe so I have no clue....
16 years 1 month ago #28009
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: disjointed external static ip's on same ASA5505?
Sure, Say you have a web server with inside IP 192.160.1.50 and you want the outside (internet) to be able to browse the web pages on the server. You want the public IP for server to be xxx.yyy.238.241 /28. You use a static command like this
[code:1]static (inside,outside) xxx.yyy.238.241 192.160.1.50 netmask 255.255.255.255[/code:1]
You also need an access list to allow inbound traffic to enter the outside interface. Some thing like this:
[code:1]access-list outside_access_in extended permit ip any host xxx.yyy.238.241
access-group outside_access_in in interface outside[/code:1]
[code:1]static (inside,outside) xxx.yyy.238.241 192.160.1.50 netmask 255.255.255.255[/code:1]
You also need an access list to allow inbound traffic to enter the outside interface. Some thing like this:
[code:1]access-list outside_access_in extended permit ip any host xxx.yyy.238.241
access-group outside_access_in in interface outside[/code:1]
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Time to create page: 0.142 seconds