Using IPs Outside WAN Subnet/On Second Subnet with an ASA

I have a customer who needed to set up some external services through to an internal machine – they have a Cisco ASA 5505 running the 8.2(1) firmware. The catch?

Their usable WAN IP was something like 95.24.87.77 and was assigned as the Cisco’s outside interface, with a 95.24.87.76 gateway on a /26 network – I figured there would be plenty of IPs in that range to use, but I couldn’t – none of them worked. After some time, I called the ISP and was told they had a second subnet of usable IP addresses – 95.24.174.232/29 – with a 95.24.174.233 gateway.

I did some quick Google-fu and found a number of answers, but none demonstrating how easy and simple it is. Hoping to make this easy for the next guy – here’s how you do it. If you provide a route to the second subnet, a static NAT entry and an access-list entry allowing that traffic, it’ll work just fine:

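! Route the second subnet out the outside interface via its gateway
route outside 95.24.174.232 255.255.255.248 95.24.174.233 1
! Port-forward HTTPS on one address to the internal host (host mask for a single address)
static (inside,outside) tcp 95.24.174.234 https 192.168.1.50 https netmask 255.255.255.255
access-list outside_in extended permit tcp any host 95.24.174.234 eq https
! Bind the ACL inbound on the outside interface (access-group, not access-list)
access-group outside_in in interface outside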

As soon as I entered these commands, the ASA began translating this traffic and life was good.
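The three pieces above (route, static entry, permit bound to the interface) are easy to get out of sync as more addresses from the second subnet are put to use. The following is an added example, not code from the original post: a small Python audit that checks each static port-forward in a pasted 8.2-style config for a reachable mapped address and a matching permit in the ACL bound to that interface. The function name `audit`, the sample config and its documentation-range addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (documentation addresses, not the post's), 8.2-style syntax.
SAMPLE = """\
route outside 198.51.100.8 255.255.255.248 198.51.100.9 1
static (inside,outside) tcp 198.51.100.10 https 192.168.1.50 https netmask 255.255.255.255
static (inside,outside) tcp 198.51.100.11 smtp 192.168.1.51 smtp netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.20 ssh 192.168.1.52 ssh netmask 255.255.255.255
access-list outside_in extended permit tcp any host 198.51.100.10 eq https
access-list outside_in extended permit tcp any host 203.0.113.20 eq ssh
access-group outside_in in interface outside
"""

STATIC = re.compile(r"^static \(\w+,(\w+)\) tcp (\S+) (\S+) \S+ \S+ netmask \S+$")
ROUTE = re.compile(r"^route (\w+) (\S+) (\S+) \S+")
PERMIT = re.compile(r"^access-list (\S+) extended permit tcp any host (\S+) eq (\S+)$")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)$")

def audit(config, connected):
    """Return {(mapped_ip, port): [problems]} for every static PAT entry."""
    lines = [l.strip() for l in config.splitlines()]
    # Networks reachable on each interface: connected subnet plus static routes.
    nets = {ifc: [ipaddress.ip_network(n)] for ifc, n in connected.items()}
    for m in filter(None, map(ROUTE.match, lines)):
        nets.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
    bound = {m[2]: m[1] for m in filter(None, map(GROUP.match, lines))}
    permits = {(m[1], m[2], m[3]) for m in filter(None, map(PERMIT.match, lines))}
    report = {}
    for m in filter(None, map(STATIC.match, lines)):
        ifc, ip, port = m[1], m[2], m[3]
        problems = []
        if not any(ipaddress.ip_address(ip) in n for n in nets.get(ifc, [])):
            problems.append("mapped IP not in connected or routed subnet")
        acl = bound.get(ifc)
        if acl is None:
            problems.append("no access-group bound inbound on interface")
        elif (acl, ip, port) not in permits:
            problems.append("no matching permit in bound ACL")
        report[(ip, port)] = problems
    return report

if __name__ == "__main__":
    for key, problems in audit(SAMPLE, {"outside": "192.0.2.64/26"}).items():
        print(key, problems or "ok")
```

The `connected` argument is the subnet configured on the interface itself, which the audit cannot infer from these four command types.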