Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: disjointed external static ip's on same ASA5505?

disjointed external static ip's on same ASA5505? 7 years 10 months ago #27971

disjointed external static ip's on same ASA5505?

This is probably an easy answer, never tried it myself though...

When we switched our isp's, we went from 16 static ip's to what was supposed to be the same however the new isp gave me 3 statics and the rest as a disjointed routed block...the routed block terminates at one of the static ips.....

Is it possible to work this routed block into the same router as the main static ip as a passthrough and then handle them on the back side of the ASA5505 or is this not even possible with the disjointed routed block?
The administrator has disabled public write access.

Re: disjointed external static ip's on same ASA5505? 7 years 10 months ago #27991

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
I'm not sure that I comprehend what you mean by "disjointed routed block". If I may, let me rephrase your question using an example to make sure I understand you right.

For your outside interface, you are given 3 IPs, some thing like this:

200.10.1.1/30
200.10.1.5/30
200.10.1.9/30

And then few other disjoint networks addresses. something like:

200.10.1.32/29
200.10.1.56/29

And you want to configure your ASA to accept all those IPs as your own public addresses. Is that what you meant?
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: disjointed external static ip's on same ASA5505? 7 years 10 months ago #27999

this is what the isp gave me:

Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248

Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248

I am thinking their calculations are wrong but with the garbage they have been sending me lately, I cannot think straight....

xxx.yyy.239.4 is my ASA5505
The administrator has disabled public write access.

Re: disjointed external static ip's on same ASA5505? 7 years 10 months ago #28003

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248

Yes this one is wrong as you said. If the /28 is correct then the subnetmask should be 255.255.255.240 not 255.255.255.248. I'd check with the ISP again.

Having that cleared out. My question to you is what do you want to do with that extra range (xxx.yyy.238.240) ? For example, do you want to assign them to some web servers that you to be accessible from the internet ? If that is what you want to do then YES you can use the static command to map them to your internal server IPs.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

Re: disjointed external static ip's on same ASA5505? 7 years 10 months ago #28005

yes, that is what I thought:

Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248

Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.248

should be:

Connection Network: xxx.yyy.239.0 /29
Customer Equipment: xxx.yyy.239.4 (can also use .5 and .6)
Default Gateway: xxx.yyy.239.1
Netmask: 255.255.255.248

Routed Blocks: xxx.yyy.238.240 /28
Netmask: 255.255.255.240

that is what I told them, they argued with me for a while...so...can you throw an example of how to utilize one of those routed block ip's.....

I am a cisco wannabe so I have no clue....
The administrator has disabled public write access.

Re: disjointed external static ip's on same ASA5505? 7 years 10 months ago #28009

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
Sure, Say you have a web server with inside IP 192.160.1.50 and you want the outside (internet) to be able to browse the web pages on the server. You want the public IP for server to be xxx.yyy.238.241 /28. You use a static command like this

[code:1]static (inside,outside) xxx.yyy.238.241 192.160.1.50 netmask 255.255.255.255[/code:1]

You also need an access list to allow inbound traffic to enter the outside interface. Some thing like this:

[code:1]access-list outside_access_in extended permit ip any host xxx.yyy.238.241
access-group outside_access_in in interface outside[/code:1]
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.
Time to create page: 0.081 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup