[c-nsp] BGP/ASA/Internet Edge Design Question

jkrejci at usinternet.com jkrejci at usinternet.com
Wed Sep 29 20:48:16 EDT 2010 

The outside interface ip of the asa has no requirement to be on net with anything having to do with your pi addresses whether you are nat'ing on the asa or not. You could use rfc1918 addresses as suggested by others.

Sent via BlackBerry from T-Mobile

-----Original Message-----
From: Donald Darko <donald.darko8 at gmail.com>
Sender: cisco-nsp-bounces at puck.nether.net
Date: Wed, 29 Sep 2010 20:27:03 
To: Ryan West<rwest at zyedge.com>
Cc: cisco-nsp at puck.nether.net<cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] BGP/ASA/Internet Edge Design Question

I guess what I'm looking at is this....If I bring another ISP into the
mix.....

ISP 1 connects to Router1 via a /30 assigned by ISP1
ISP 2 connects to Router2 via a /30 assigned by ISP2

Router1 would then need to connect to the ASA outside interface via a public
IP subnet?

The ASA outside interface is where outbound browsing traffic is NAT'd...so
it would have to be on a public network.  Correct?

On Wed, Sep 29, 2010 at 8:23 PM, Ryan West <rwest at zyedge.com> wrote:

> You can use private addressing if you like, but your provider can also
> assign you a /29 for the segment between your ASA and edge.  Try asking them
> for the extra allocation.
>
> Sent from handheld
>
> On Sep 29, 2010, at 8:08 PM, "Donald Darko" <donald.darko8 at gmail.com>
> wrote:
>
> > Hi All,
> >
> > I have a scenario where I would like to perform BGP with my current ISP
> and
> > am in need of a Internet Edge router; as currently my ASA connects
> directly
> > to them.  The IP subnet assignment that I'm using from my provider in my
> DMZ
> > will be my provider independent addresses.
> >
> > My question is....I'll need to put a new subnet between my ASA and my new
> > Internet router...it can't be a private subnet, because the Outside
> > interface of the ASA is where my web traffic is coming from.  What are my
> > options here?...try to subnet the already in use /24 provider independent
> > subnet in my DMZ and use a /29 as a connector subnet between the ASA
> Outside
> > interface and the Internet Edge router?
> >
> > Thanks
> >
> > Donald
>  > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list