No announcement yet.

Asa 5510 with 5 public IP Adresses

  • Filter
  • Time
  • Show
Clear All
new posts

  • Asa 5510 with 5 public IP Adresses

    //new Explanation
    Hello, now when i read my text myself i see it could be hard to understand, so new:

    So explanation of my environment:
    Modem -- Switch -- connected to -- router --- Behind router Network internal and network DMZ

    So see the environment with the ip adresses:
    Modem(Here are the IP gateways and
    Router (Outside interface going to modem)

    From the ISP i get the public IP-Adress-Networks /28 and a second network with /28

    I have declared a default route ip on the router
    default route ip outside

    Now my internal network with can reach the internet with NAT enabled. It is working

    So but now i want that my DMZ reaches the Internet over the public IP 86.30.0.X.
    But the problem is, how can i told the router that the gateway for the 86.30.X.X network is also on the outside interface

    I have declared a second default route with
    ip route outside
    but this isn`t working

    Now i hope it is clear what i want to achieve
    Thanks for your help

    //OLD Explanation
    Hello everyone,
    i have a default route outside with 78.10.X.X
    All my clients in my Inside-network can go into the internet with nat enabled. Working

    Now i have 5 public IP-Adresses (86.30.X.X) .
    I will give these five adresses clients - static.
    So that i have to configure the client-network-connection with Public IP, Gateway and so on.

    I have created a special DMZ with with the gateway. The adress is the ISP.

    Now i have no idea if i should configure nat, because i don`t want it. The clients should go through the firewall without natting. So i left it.

    But the problem is my clients cannot go into the internet. A ping from the asa to is working and also the clients reach the gateway.

    What should i configure, that it is working?
    Packet tracer inside ASA says that all is fine, but when i monitor the clients i get the message:
    An ICMP session is removed in the fast-path when stateful ICMP is enabled using the inspect icmp command
    only warnings no errors.

    Access rules is all permit true.

    I hope anybody can give me an advice
    Thanks and nice evening

    I think the problem could be on the default route "outside
    on this outside interface there is a switch with trunk mode and there are two networks from isp (78.X.X.X and the 86.X.X.X) connected.

    But the is the wrong gateway for the 86.30.X.X network.
    Should i define another default route(s) or how can i say that both 78 network and 86 network should go out on the outside interface, but both networks have different ISP-Gateways.
    I hope it is clear what i mean -> One outside interface for 2 different networks.

    Access Rules are permit all.

    Last edited by Paul279; 17th December 2013, 09:03.