We've got a Cisco ASA 5510 that sits on our edge and acts as the PPPoE endpoint for a fibre connection.
The fibre connection came with a static IP, which is assigned via PPPoE, and gets picked up by the ASA. All works fine, NAT works, outbound connections from inside route correctly out over fibre etc.
We subsequently ordered a second block of IPs (/28) from the same ISP, who have done their bit. Unfortunately I can't get any traffic flowing over the newly assigned IPs.
From everything I've read the ASA shouldn't need anything special configured in order to be able to use these new IPs, if I create NAT/ACL rules I should be able to accept incoming connections on the new range, however it appears they aren't hitting the ASA at all.
Packet filter shows the NAT/ACL is setup correctly.
I've read that the second subnet should be routed at their end so that it goes via the existing /30, however the ISP is unable to set this up. They've advised the new block's gateway is the first usable address in the range.
I created a static route on the ASA to route this network via the first usable, hoping that was the issue, however it didn't solve the issue.
It sounds similar to this question - Cisco ASA: How to route PPPoE-assigned subnet? - however ours is a second subnet, not a single subnet.
The ISP has proposed ditching the existing /30 entirely and using only the /28 (which is fine if that solves the problem, we don't use the existing /30 for any incoming connections yet).
Essentially - can the ASA using PPPoE manage multiple subnets on the one interface and am I just missing something incredibly obvious, or is this something that isn't supported on the ASA and I need a router in front of it?
0 Answers