Cisco
Zueuk, 2017-05-29 11:56:47

Is it possible to configure the Cisco ASA 5510 with "white" IP addresses from the same subnet?

There is a set of "white" IP addresses from one subnet (for example, I will use private addresses):
172.16.136.72-76 (external addresses), mask /24
For each external IP, you need to configure rules for an internal network segment. From the documentation I read, it became clear that we need NAT rules for outgoing connections.
How do I set up rules for incoming connections? After all, the ASA does not allow IP addresses from the same subnet to be set on different interfaces.
The firmware version is asa915-k8.bin.
172.16.136.72 - reserve;
172.16.136.73 - reserve;
172.16.136.74 - to connect external clients to internal resources 10.0.154.0/29;
172.16.136.75 - for internal clients, Internet access, segment 10.1.154.0/24;
172.16.136.76 - reserve;
172.16.136.1 - provider gateway

Maxim Grishin, 2017-05-29
@Zueuk

Hm. NAT one subnet to .74 and the second to .75, both with PAT enabled; that should be enough.
That is, you go to ASDM (it's easier with it, but I don't know the syntax of the rules for the ASA), Firewall -> NAT Rules, and create a rule with the source interface corresponding to the internal subnet, destination interface outside, packet source 10.0.154.0/29, destination any; set the address to translate to and the Dynamic PAT (Hide) translation mode. Do the same for the second network, changing the translated IP address, the source network and, if necessary, the interface.
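
The two Dynamic PAT rules described in the answer above, plus a static port translation for the inbound case the question asks about, written as ASA 8.3+ object NAT CLI. This is an added example, not part of the original thread; the interface names (`inside`, `dmz`, `outside`), the object names, the host 10.0.154.2 and TCP/443 are assumptions. The mapped addresses are not configured on any interface, because the ASA answers ARP for them on the outside network.

```cisco
! Added example. Assumed: nameif "outside", "inside", "dmz";
! host 10.0.154.2 and TCP/443 are constructed sample values.
! 172.16.136.74 and .75 are NOT assigned to any interface; the outside
! interface keeps its own single address in 172.16.136.0/24.

! Outbound: 10.1.154.0/24 hides behind 172.16.136.75 (dynamic PAT)
object network CLIENTS-NET
 subnet 10.1.154.0 255.255.255.0
 nat (inside,outside) dynamic 172.16.136.75

! Outbound: 10.0.154.0/29 hides behind 172.16.136.74 (dynamic PAT)
object network SERVERS-NET
 subnet 10.0.154.0 255.255.255.248
 nat (dmz,outside) dynamic 172.16.136.74

! Inbound: publish a single service on 172.16.136.74
! (static NAT with port translation, one rule per published port)
object network SRV-HTTPS
 host 10.0.154.2
 nat (dmz,outside) static 172.16.136.74 service tcp 443 443

! NAT alone does not permit inbound traffic. On 8.3 and later the ACL
! matches the real (untranslated) address, so reference the object.
access-list OUTSIDE-IN extended permit tcp any object SRV-HTTPS eq 443
access-group OUTSIDE-IN in interface outside
```

`show nat detail` and `show xlate` list the resulting rules and active translations. Keep the inbound ACL limited to the published host and port rather than the whole /29.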
