Monthly Archives: August 2014

Using IPs Outside WAN Subnet/On Second Subnet with an ASA

I have a customer who needed to set up some external services through to an internal machine – they have a Cisco ASA 5505 running the 8.2(1) firmware. The catch?

Their usable WAN IP was something like and was assigned as the Cisco’s outside interface, with a gateway on a /26 network – I figured there would be plenty of IPs in that range to use, but I couldn’t – none of them worked. After some time, I called the ISP and was told they had a second subnet of usable IP addresses – – with a gateway.

I did some quick Google-fu and found a number of answers, but none demonstrating how easy and simple it is. Hoping to make this easy for the next guy – here’s how you do it. If you provide a route to the second subnet, a static NAT entry and an access-list entry allowing that traffic, it’ll work just fine:

route outside 1
static (inside,outside) tcp https https netmask
access-list outside_in extended permit tcp any host eq https
access-group outside_in in interface outside

As soon as I entered these commands, the ASA began translating this traffic and life was good.
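The same four commands written out in full, followed by the checks that confirm the translation and the rule are in effect. This is an added example, not the original post's configuration: every address is a constructed documentation value, and the route's next hop is assumed to be the gateway the ISP supplied for the second subnet.

```cisco
! Constructed addresses (RFC 5737 / RFC 1918), not the customer's:
!   outside interface   198.51.100.10/26
!   second subnet       203.0.113.8/29, ISP gateway 203.0.113.9 (assumed next hop)
!   published address   203.0.113.10 -> inside host 192.168.1.20, tcp/443 only

! 1. Route to the second subnet through the outside interface
route outside 203.0.113.8 255.255.255.248 203.0.113.9 1

! 2. Static port translation (8.2 syntax): mapped IP/port first, then real IP/port
static (inside,outside) tcp 203.0.113.10 https 192.168.1.20 https netmask 255.255.255.255

! 3. Permit only HTTPS, and only to the published address
!    (on 8.2 the ACL matches the mapped address, not the inside one)
access-list outside_in extended permit tcp any host 203.0.113.10 eq https

! 4. Bind the ACL to inbound traffic on the outside interface
access-group outside_in in interface outside

! Verification
! Route for the second subnet is installed
show route
! Static translation is present
show xlate
! Hit counter on the permit line increments when a client connects
show access-list outside_in
! Simulate an inbound HTTPS connection from a constructed client address;
! the result should show the static translation applied and the flow allowed
packet-tracer input outside tcp 192.0.2.50 12345 203.0.113.10 443 detailed
```

Keeping the static entry and the ACL scoped to a single host and port means only HTTPS on that one address is reachable from outside, so any further service on the second subnet needs its own explicit pair of entries.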