Public IP on a Cisco ASA 5505

[SmurfTurf]

I currently have a Cisco ASA 5505 Firewall and have a block of public ip addresses that come into my network. I use opendns to help filter internet traffic. I have one particular internal network that would like additional filtering, but I can't seem to get the ASA to report a different public IP address for that internal network. It only will report the ip address of the ASA firewall. Does anyone have a suggestion on how to change the external ip address for only one internal network?

 

[unclerico]

Sure, you'll implement policy NAT. Using the following addressing schemes:
192.168.1.x/24 - Internal network that can use the interface IP assigned to the ASA
192.168.2.x/24 - Internal network that needs to use a different IP address
1.1.1.x/29 - Public IP range assigned by your ISP

global (outside) 1 interface (this is 1.1.1.2)
global (outside) 2 1.1.1.3 netmask 255.255.255.248
nat (inside) 1 192.168.1.0 netmask 255.255.255.0
nat (inside) 2 192.168.2.0 netmask 255.255.255.0

This should work fine.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[SmurfTurf]

Thanks for the help. I am trying to get it to work, but I keep running into problems because it won't accept the current netmasks. The inside netmask needs to be 255.255.255.0 in order to get the entire internal network, but the external/public ip address won't allow me to change it from 255.255.255.255. The ASA won't allow the nat translation unless the netmasks match. What do you suggest?

 

[unclerico]

how about this. post a full scrubbed config in the ASA forum. We'll get you taken care of over there.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)