Is it possible to configure the Cisco ASA 5510 with "white" IP addresses from the same subnet?

Z

Zueuk2017-05-29 11:56:47

Cisco

Zueuk, 2017-05-29 11:56:47

There is a set of "white" IP addresses from one subnet (for example, I will use private addresses):
172.16.136.72-76 (external addresses), mask / 24
For each external ip, you need to configure rules for the internal network segment. From the read documentation, it became clear that we need NAT rules for outgoing connections.
How to set up rules for incoming connections? After all, ASA does not allow different interfaces to set IP addresses from the same subnet.
The firmware version is asa915-k8.bin.
172.16.136.72 - reserve;
172.16.136.73 - reserve;
172.16.136.74 - to connect external clients to internal resources 10.0.154.0/29;
172.16.136.75 - for internal clients, Internet access, segment 10.1.154.0/24;
172.16.136.76 - reserve;
172.16.136.1 - provider gateway

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

Maxim Grishin, 2017-05-29
@Zueuk

Hm. Natish one subnet for .74, the second for .75, both with PAT enabled, should be enough.
That is, you go to ASDM (it’s easier with it, but I don’t know the syntax of the rules for aces) firewall -> NAT rules, create a source interface rule corresponding to the internal subnet, destination interface outside, packet source 10.0.154.0/29 destination any, set its address where to broadcast and Dynamic PAT (Hide) translation mode. The same for the second network, change the output IP address, source network and interface if necessary.