Cisco ASA: Multiple static IPs on a single interface
You can't assign multiple IPs on the same interface to the unit itself.
What you can do is create a virtual interface on the same physical port with a different VLAN number, assign the 172 IP to that interface, route all your traffic to 203.203.203.203 through that, and then have something external to the ASA sit on the same VLAN and take care of routing that traffic further out.
Related videos on Youtube
06 : 29
06 : 27
06 : 27
02 : 00
08 : 45
Comments
-
DrStalker over 1 year
I have a cisco ASA 5505 (ver 8.0.4) that currently has one IP address on the outside interface, 10.1.1.1. This is used for all communication with the outside world.
I want to add a second IP to this interface, 172.16.0.1, that will only get used for traffic to a specific remote IP (203.203.203.203)
That is, if a packet is for 203.203.203.203 it goes out the outside interface with a source IP of 172.16.0.1; any other traffic goes out the outside interface with a source IP of 10.1.1.1
The current config:
interface Vlan2 nameif outside security-level 0 ip address 10.1.1.1 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! global (outside) 1 interface route outside 0.0.0.0 0.0.0.0 10.1.1.1 1How can I add this second IP and make the required routing tweaks?
-
DrStalker over 14 yearsI'm not trying to configure this additional IP for NAT, it's for the ASA itself for VPN purposes (as you deduced the 172.16.0.1 is really a routable IP)