IP on Outside Interface

mattrgee

Hi all,

I'm trying to give the outside interface on an ASA 5005 an ip of 192.168.1.43, but running into problems, I'm guessing this is because its private address.

I've configured the router that the ASA connects to with a static NAT entry of: public ip > 192.168.1.43, hence why I want the ASA to 192.168.1.43 on its outside interface.

Do I have to give the outside interface another public ip? Seems a little wastefull.

Thanks.

rossonieri#1

hi there,

not enough information, but what kind of problem did you encounter to be exactly?
AFAIK, by doing NAT on the router - you dont have to put the outside ASA interface with some public IPs.

but, let me hear your story first

Ahriakin

The only IP restriction you'll run into are that no 2 interfaces can use an address in the same subnet. Make sure you aren't using the same subnet on a different interface, double check your subnet masks to make sure a mistake hasn't caused an overlap.

mattrgee

Oops my bad, I was using for a full 32 bit mask when specifying the ip of the interface.

mattrgee

Actually, another quick question:

I've configured a site to site VPN between our network and a third parties, when they connect to a machine in our network what IP address is being used?

For instance:

Remote network

---

ASA Outside Int

---

ASA Inside Interface

---

Machine on LAN
192.168.214.0

---

192.168.1.10

---

10.1.1.1

---

10.1.1.2

So if I did a packet capture when someone on the remote network connected to 10.1.1.2, would the source address of that connection be the address of the ASA Inside Interface?

Thanks.

Ahriakin

The MAC would be of the ASA Inside but the IP will be preserved from the source, presuming you are not NAT'ing them (just like std. routing, the VPN is really just a virtual circuit of sorts).