Adding IP Addresses to Your Server's Cisco ASA 5505 Firewall (Loopback)
WARNING: We have multiple configuration methods for our servers' networking. To make sure you use the correct procedure when configuring additional IPs on your server, please see Adding IP Addresses to Your Dedicated Server.
Some of the information in this article is advanced material we make available as a courtesy. Please be advised that you are responsible for properly following the procedures below. Customer Support cannot assist with these topics.
When you receive additional IPs for your server, you have to configure your server and firewall to accept requests from them.
NOTE: We configure all of your server's IP addresses automatically whenever you reprovision your server. However, reprovisioning erases all content from your server's hard drives. For more information, see Starting over with My Server (Reprovision)
We automatically configure additional IP addresses for Virtual Private Servers (VPS).
To configure additional IPs, you must create two static translation rules, one for outside traffic and one for inside traffic.
NOTE: For this example, we assume that the next available internal IP address is 10.0.0.2
.
To Add an IP Address to the Cisco ASA 5505 Firewall
- In a Web browser, navigate to https://[your firewall management IP address]/. For more information, see Accessing Your Server's Firewall Console.
NOTE: Depending on which Cisco ASDM version you have installed, several options might display. If so, click Run ASDM Applet.
- You may receive a number of security certificate warnings. If you accept the certs and save them as "Trusted," you avoid warnings in the future.
- When prompted, enter your server user name and firewall password, and then click OK. You are prompted to log in twice.
NOTE: Your browser must have Java enabled allow pop-ups from your management IP.
- In the Device Manager toolbar, click Configuration.
- Click Firewall.
- On the left, click NAT.
- Under Configuration > Firewall > NAT Rules, click + Add, and then select Add Static NAT Rule.
- The remaining steps depend on which information displays:
If you are presented with:
Interface: inside
Source:
TRANSLATED
Interface: outside
Use IP Address:
(If you are not presented with this, click here.)
Make the following changes, and then click OK:
- ORIGINAL
- Interface — Select inside.
- Source — Type 10.0.0.2.
- TRANSLATED
- Interface — Select outside.
- Use IP Address — Enter your new IP address.
Now you need to add a second static NAT rule.
- Under Configuration > Firewall > NAT Rules, click + Add, and then select Add Static NAT Rule.
- Complete the on-screen fields, and then click OK:
- ORIGINAL
- Interface — Select outside.
- Source — Enter your new IP address.
- TRANSLATED
- Interface — Select inside.
- Use IP Address — Type 10.0.0.2.
- ORIGINAL
- Click Apply.
- Close the Firewall Device Manager, and then click Save.
- Add the internal IP address to your server. For more information, click here.
If you are presented with:
Interface: inside
IP Address:
Netmask: 255.255.255.255
STATIC TRANSLATION
Interface: outside
IP Address:
Make the following changes, and then click OK:
- REAL ADDRESS
- Interface — Select inside.
- IP Address — Type 10.0.0.2.
- Netmask — Type 255.255.255.255.
- STATIC TRANSLATION
- Interface — Select outside.
- IP Address — Enter your new IP address.
Now you need to add a second static NAT rule.
- Click OK.
- Under Configuration > Firewall > NAT Rules, click + Add, and then select Add Static NAT Rule.
- Complete the on-screen fields, and then click OK:
- REAL ADDRESS
- Interface — Select outside.
- IP Adress — Enter your new IP address.
- Netmask — Type 255.255.255.255.
- STATIC TRANSLATION
- Interface — Select inside.
- IP Address — Type 10.0.0.2.
- REAL ADDRESS
- Click Apply.
- Close the Firewall Device Manager, and then click Save.
- Add the internal IP address to your server.
Now you must add the internal IP address to your server. The process differs depending on your server's operating system.
Linux
Fedora/CentOS
- At root, copy
"/etc/sysconfig/network-scripts/ifcfg-eth0
to
/etc/sysconfig/network-scripts/ifcfg-eth0:0
. - Edit
/etc/sysconfig/network-scripts/ifcfg-eth0:0
, changing the IP to the new internal IP, and changing DEVICE toeth0:0
. - Restart the network service using this command:
service network restart.
Ubuntu
- Edit
/etc/network/interfaces
. - Add the following lines to the bottom of the file:
# The secondary network interface
auto eth0:0
iface eth0:0 inet static
address 10.0.0.2
netmask 255.255.255.0 - Restart the network service using the following command:
/etc/init.d/networking restart
Windows
- Access your server via Remote Desktop. For more information, see Connect via Remote Desktop (RDC) to your Windows server.
- From the Start menu, select Network.
- In the upper-left, double-click Network and Sharing Center.
- On the left, click Change Adapter Settings.
- Right-click Local Area Connection, and then select Properties.
- Select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
- Select Use the following IP address, complete the following fields, and then click OK:
- IP Address — Enter your server's new internal IP address.
- Subnet Mask — Type
255.255.255.0
NOTE: We monitor IP address allocation. Attempting to add IP addresses to your server that you did not purchase violates your terms of service agreement and may result in the suspension of your account.