Two IP Ranges behind Cisco C881 and Cisco ASA 5506

a.krijnen1 · ‎05-29-2016

Hi everyone,

Original situation is that we had one IP Range 1xx.35.133.x/29 behind a Cisco C881-K9. The IP Range is being used on VLAN 1. The LAN goes to a Cisco ASA 5506 and there the traffic continues to our internal network.

Because I need more IP addresses we got a new IP Range 1xx.35.135.x/29. Those IP's are needed physically on virtual servers. Since I am no expert it is more difficult than expected to do it properly so I need your advise into it.

I was thinking of making a new VLAN with the IP Range on our Cisco Router and continue the traffic to a new interface on our Cisco ASA. The issue is that I want to have those address attached to my virtual machines without NAT?

How can achieve this in a secure and best way?

Thanks a lot for any suggestions and help

Karsten Iwen · ‎05-29-2016

On the c881, you have to add a static route for the new network with a next hop of the ASA in your public network.
On the ASA, you add n new interface that uses these new IP network. This interface is connected to a new DMZ-Vlan on the connecting switch
The new VLAN is added to the trunk to the VMware-host where you can assign the public addresses to the VMs.

a.krijnen1 · ‎06-03-2016

Ok, what I have done is as following

1. I've created the static route.

2. I've enabled a physical interface with the IP of the network with the name DMZ.

3. I've created a new DMZ-Vlan on the connecting switch

4. I've added the VLAN to the Hyper-V server Switch

5. I Added the IP to the new Virtual Machine with VLAN for DMZ

I don't have any response. Maybe I am wrong in this, because it is my learning curve:

1. I have attached a cable from my Router to the ASA. This is my DMZ interface

Do I need to configure something else, did I miss something here. I am not an expert in networking or in these type of configurations.