Adding IP Addresses to Your Server's Cisco ASA 5505 Firewall (Loopback)
Some of the information in this article is advanced material we make available as a courtesy. Please be advised that you are responsible for properly following the procedures below. Customer Support cannot assist with these topics.
When you receive additional IPs for your server, you have to configure your server and firewall to accept requests from them.
Note: We configure all of your server's IP addresses automatically whenever you reprovision your server. However, reprovisioning erases all content from your server's hard drives. For more information, see Starting over with My Server (Reprovision)
We automatically configure additional IP addresses for Virtual Private Servers (VPS).
To configure additional IPs, you must create two static translation rules, one for outside traffic and one for inside traffic.
Note: For this example, we assume that the next available internal IP address is 10.0.0.2
.
To Add an IP Address to the Cisco ASA 5505 Firewall
- In a Web browser, navigate to https://[your firewall management IP address]/. For more information, see Access my Linux server's firewall console.
Note: Depending on which Cisco ASDM version you have installed, several options might display. If so, click Run ASDM Applet.
- You may receive a number of security certificate warnings. If you accept the certs and save them as "Trusted," you avoid warnings in the future.
- When prompted, enter your server user name and firewall password, and then click OK. You are prompted to log in twice.
Note: Your browser must have Java enabled allow pop-ups from your management IP.
- In the Device Manager toolbar, click Configuration.
- Click Firewall.
- On the left, click NAT.
- Under Configuration > Firewall > NAT Rules, click + Add, and then select Add Static NAT Rule.
- The remaining steps depend on which information displays:
If you are presented with:
Interface: inside
Source:
TRANSLATED
Interface: outside
Use IP Address:
(If you are not presented with this, click here.)
Make the following changes, and then click OK:
- ORIGINAL
- Interface — Select inside.
- Source — Type 10.0.0.2.
- TRANSLATED
- Interface — Select outside.
- Use IP Address — Enter your new IP address.
Now you need to add a second static NAT rule.
- Under Configuration > Firewall > NAT Rules, click + Add, and then select Add Static NAT Rule.
- Complete the on-screen fields, and then click OK:
- ORIGINAL
- Interface — Select outside.
- Source — Enter your new IP address.
- TRANSLATED
- Interface — Select inside.
- Use IP Address — Type 10.0.0.2.
- ORIGINAL
- Click Apply.
- Close the Firewall Device Manager, and then click Save.
- Add the internal IP address to your server. For more information, click here.
If you are presented with:
Interface: inside
IP Address:
Netmask: 255.255.255.255
STATIC TRANSLATION
Interface: outside
IP Address:
Make the following changes, and then click OK:
- REAL ADDRESS
- Interface — Select inside.
- IP Address — Type 10.0.0.2.
- Netmask — Type 255.255.255.255.
- STATIC TRANSLATION
- Interface — Select outside.
- IP Address — Enter your new IP address.
Now you need to add a second static NAT rule.
- Click OK.
- Under Configuration > Firewall > NAT Rules, click + Add, and then select Add Static NAT Rule.
- Complete the on-screen fields, and then click OK:
- REAL ADDRESS
- Interface — Select outside.
- IP Adress — Enter your new IP address.
- Netmask — Type 255.255.255.255.
- STATIC TRANSLATION
- Interface — Select inside.
- IP Address — Type 10.0.0.2.
- REAL ADDRESS
- Click Apply.
- Close the Firewall Device Manager, and then click Save.
- Add the internal IP address to your server.
Now you must add the internal IP address to your server. The process differs depending on your server's operating system.
Note: We monitor IP address allocation. Attempting to add IP addresses to your server that you did not purchase violates your terms of service agreement and may result in the suspension of your account.