[c-nsp] BGP/ASA/Internet Edge Design Question

Donald Darko donald.darko8 at gmail.com
Wed Sep 29 20:51:27 EDT 2010 

Sorry, just confused here...

So on the outside interface of the ASA...connecting into the Internet Router
I could use private addresses?

I'd think that I would want my outbound Internet web traffic to be sourced
from my Provider Independant IP subnet.  How would that work?

On Wed, Sep 29, 2010 at 8:48 PM, <jkrejci at usinternet.com> wrote:

> The outside interface ip of the asa has no requirement to be on net with
> anything having to do with your pi addresses whether you are nat'ing on the
> asa or not. You could use rfc1918 addresses as suggested by others.
>
> Sent via BlackBerry from T-Mobile
>
> -----Original Message-----
> From: Donald Darko <donald.darko8 at gmail.com>
> Sender: cisco-nsp-bounces at puck.nether.net
> Date: Wed, 29 Sep 2010 20:27:03
> To: Ryan West<rwest at zyedge.com>
> Cc: cisco-nsp at puck.nether.net<cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] BGP/ASA/Internet Edge Design Question
>
> I guess what I'm looking at is this....If I bring another ISP into the
> mix.....
>
> ISP 1 connects to Router1 via a /30 assigned by ISP1
> ISP 2 connects to Router2 via a /30 assigned by ISP2
>
> Router1 would then need to connect to the ASA outside interface via a
> public
> IP subnet?
>
> The ASA outside interface is where outbound browsing traffic is NAT'd...so
> it would have to be on a public network.  Correct?
>
> On Wed, Sep 29, 2010 at 8:23 PM, Ryan West <rwest at zyedge.com> wrote:
>
> > You can use private addressing if you like, but your provider can also
> > assign you a /29 for the segment between your ASA and edge.  Try asking
> them
> > for the extra allocation.
> >
> > Sent from handheld
> >
> > On Sep 29, 2010, at 8:08 PM, "Donald Darko" <donald.darko8 at gmail.com>
> > wrote:
> >
> > > Hi All,
> > >
> > > I have a scenario where I would like to perform BGP with my current ISP
> > and
> > > am in need of a Internet Edge router; as currently my ASA connects
> > directly
> > > to them.  The IP subnet assignment that I'm using from my provider in
> my
> > DMZ
> > > will be my provider independent addresses.
> > >
> > > My question is....I'll need to put a new subnet between my ASA and my
> new
> > > Internet router...it can't be a private subnet, because the Outside
> > > interface of the ASA is where my web traffic is coming from.  What are
> my
> > > options here?...try to subnet the already in use /24 provider
> independent
> > > subnet in my DMZ and use a /29 as a connector subnet between the ASA
> > Outside
> > > interface and the Internet Edge router?
> > >
> > > Thanks
> > >
> > > Donald
> >  > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list