ASA 5505 Public IP Address Conundrum - Cisco Gurus Welcome

Bill Kindle

@NetworkNerd Charter didn't offer to setup an additional IP to move to? one on the same subnet as the newest addition?

NetworkNerd

@Bill-Kindle said:

@NetworkNerd Charter didn't offer to setup an additional IP to move to? one on the same subnet as the newest addition?

They did not. Their immediate fix was to run things with a dual subnet setup as described above. Maybe it's time to push for having both on the same subnet rather than beat my head against the wall with the above.

Bill Kindle

@NetworkNerd said:

@Bill-Kindle said:

@NetworkNerd Charter didn't offer to setup an additional IP to move to? one on the same subnet as the newest addition?

They did not. Their immediate fix was to run things with a dual subnet setup as described above. Maybe it's time to push for having both on the same subnet rather than beat my head against the wall with the above.

That's what I would push for in this situation. Charter has a few service area's here in Ohio and I've dealt with them a few more times that I liked. Worse situation I was in was when they made a network change, never alerted my customer, and took down DNS service entirely for about a week. Their tech kept telling me it was my problem. Never saw OpenDNS fail, except for that one time. I don't recall all the specifics but in short, requests weren't being routed through their network at all. Took a lot of phone time and pulling out ye old Network+ skills to prove a point.

PSX_Defector

I was gonna write up a big thing about this, but there is a easy [moderated] way to handle this.

Put a switch between the modem and the firewall. Hang another firewall off the switch using the "new" IP. Since you don't plan on the two networks communicating, no point in making things convoluted in your config. That would be easy as hell.

And if you want to be able to talk to ether network locally, just jumper a cable between them and use some quick static routes to frame traffic.

No muss, no fuss.

Dashrender

Your layout is exactly what I would expect it to be.

If you have SmartNet, The Cisco TAC will even make the changes for you.

thanksajdotcom

@PSX_Defector said:

I was gonna write up a big thing about this, but there is a easy [moderated] way to handle this.

Put a switch between the modem and the firewall. Hang another firewall off the switch using the "new" IP. Since you don't plan on the two networks communicating, no point in making things convoluted in your config. That would be easy as hell.

And if you want to be able to talk to ether network locally, just jumper a cable between them and use some quick static routes to frame traffic.

No muss, no fuss.

That makes sense.

scottalanmiller

@PSX_Defector said:

I was gonna write up a big thing about this, but there is a easy [moderated] way to handle this.

Put a switch between the modem and the firewall. Hang another firewall off the switch using the "new" IP. Since you don't plan on the two networks communicating, no point in making things convoluted in your config. That would be easy as hell.

And if you want to be able to talk to ether network locally, just jumper a cable between them and use some quick static routes to frame traffic.

No muss, no fuss.

True, good, easy option.

NetworkNerd

Thanks to all who responded here. We're going to roll with PSX's idea.

I will also tell you I posted this somewhere else and did not receive as many responses as I did here.

JaredBusch

@NetworkNerd said:

Thanks to all who responded here. We're going to roll with PSX's idea.

I will also tell you I posted this somewhere else and did not receive as many responses as I did here.

What other device you going to use? If you buy the right thing you can shitcan the entire ASA

Bill Kindle

@NetworkNerd said:

Thanks to all who responded here. We're going to roll with PSX's idea.

I will also tell you I posted this somewhere else and did not receive as many responses as I did here.

I've done something similar in my environment and it works like a charm. I had to do it with an existing L2 switch, using port isolation for an internal Checkpoint Firewall and a special router for my VoIP service. 0 problems.

NetworkNerd

@JaredBusch said:

@NetworkNerd said:

Thanks to all who responded here. We're going to roll with PSX's idea.

I will also tell you I posted this somewhere else and did not receive as many responses as I did here.

What other device you going to use? If you buy the right thing you can shitcan the entire ASA

I already had a Cisco RV180 lying around and used it for the camera traffic. The only thing I do not have setup right now is static routes.