ASA 5510 with 5 public IP Addresses

  • ASA 5510 with 5 public IP Addresses

    //New Explanation
    Hello, now that I read my text myself, I see it could be hard to understand, so here is a new one:

    So explanation of my environment:
    Modem -- Switch -- connected to -- router --- Behind router Network internal and network DMZ

    So see the environment with the IP addresses:
    Modem (here are the IP gateways 78.10.0.1 and 86.30.0.1)
    Router (Outside interface going to modem) 78.10.0.2
    Inside 192.168.0.0
    DMZ 172.18.0.0

    From the ISP I get the public IP address networks 78.10.0.0 /28 and a second network with 86.30.0.0 /28.

    I have declared a default route ip on the router
    default route ip outside 0.0.0.0 0.0.0.0 78.10.0.1

    Now my internal network with 192.168.0.0 can reach the internet with NAT enabled. It is working.

    But now I want my DMZ to reach the Internet over the public IP 86.30.0.X.
    The problem is, how can I tell the router that the gateway for the 86.30.X.X network is also on the outside interface 78.10.0.1?

    I have declared a second default route with
    ip route outside 0.0.0.0 0.0.0.0 86.30.0.1
    but this isn't working.

    Now I hope it is clear what I want to achieve.
    Thanks for your help



    //Old Explanation
    Hello everyone,
    I have a default route outside with 78.10.X.X.
    All my clients in my inside network can go out to the internet with NAT enabled. Working.

    Now I have 5 public IP addresses (86.30.X.X).
    I will give these five addresses to clients - static.
    So I have to configure the client network connection with public IP, gateway and so on.

    I have created a special DMZ with 86.30.0.2 as the gateway. The 86.30.0.1 address is the ISP.

    Now I have no idea if I should configure NAT, because I don't want it. The clients should go through the firewall without NATing. So I left it.

    But the problem is my clients cannot go out to the internet. A ping from the ASA to 86.30.0.1 is working and the clients also reach the 86.30.0.2 gateway.

    What should I configure so that it works?
    Packet tracer inside the ASA says that all is fine, but when I monitor the clients I get the message:
    An ICMP session is removed in the fast-path when stateful ICMP is enabled using the inspect icmp command
    Only warnings, no errors.

    Access rules are all permit true.

    I hope somebody can give me some advice.
    Thanks and have a nice evening

    //EDIT
    I think the problem could be in the default route "outside 0.0.0.0 0.0.0.0 78.10.0.5".
    On this outside interface there is a switch in trunk mode, and two networks from the ISP (78.X.X.X and 86.X.X.X) are connected to it.

    But 78.10.0.5 is the wrong gateway for the 86.30.X.X network.
    Should I define another default route (or routes), or how can I say that both the 78 network and the 86 network should go out on the outside interface, when both networks have different ISP gateways?
    I hope it is clear what I mean -> one outside interface for 2 different networks.

    Access Rules are permit all.

    Thanks
    Last edited by Paul279; 17th December 2013, 09:03.