IP on Outside Interface

mattrgeemattrgee Posts: 201Member
Hi all,

I'm trying to give the outside interface on an ASA 5005 an ip of 192.168.1.43, but running into problems, I'm guessing this is because its private address.

I've configured the router that the ASA connects to with a static NAT entry of: public ip > 192.168.1.43, hence why I want the ASA to 192.168.1.43 on its outside interface.

Do I have to give the outside interface another public ip? Seems a little wastefull.

Thanks.

Comments

  • rossonieri#1rossonieri#1 Posts: 800Member
    hi there,

    not enough information, but what kind of problem did you encounter to be exactly?
    AFAIK, by doing NAT on the router - you dont have to put the outside ASA interface with some public IPs.

    but, let me hear your story first :)
    the More I know, that is more and More I dont know.
  • AhriakinAhriakin SupremeNetworkOverlord Posts: 1,800Member
    The only IP restriction you'll run into are that no 2 interfaces can use an address in the same subnet. Make sure you aren't using the same subnet on a different interface, double check your subnet masks to make sure a mistake hasn't caused an overlap.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • mattrgeemattrgee Posts: 201Member
    Oops my bad, I was using for a full 32 bit mask when specifying the ip of the interface.
  • mattrgeemattrgee Posts: 201Member
    Actually, another quick question:

    I've configured a site to site VPN between our network and a third parties, when they connect to a machine in our network what IP address is being used?

    For instance:

    Remote network
    ASA Outside Int
    ASA Inside Interface
    Machine on LAN
    192.168.214.0
    192.168.1.10
    10.1.1.1
    10.1.1.2

    So if I did a packet capture when someone on the remote network connected to 10.1.1.2, would the source address of that connection be the address of the ASA Inside Interface?

    Thanks.
  • AhriakinAhriakin SupremeNetworkOverlord Posts: 1,800Member
    The MAC would be of the ASA Inside but the IP will be preserved from the source, presuming you are not NAT'ing them (just like std. routing, the VPN is really just a virtual circuit of sorts).
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
Sign In or Register to comment.