Access Windows Server from Outside address - Page 2

woodjl1650 · ‎10-07-2011

I just purchased a domain name, that I have forwarding to my WAN address. I want to be able to access my home websie via this route. I have an ASA 5505, how do I get the ASA to point to the home server when the WAN IP address is entered?

varrao · ‎10-07-2011

Hi Jonathan,

I tried a few things and it doesn't work if you are using the outside interface of the ASA, wile accessing it from inside, for outside to inside flow it would work fine, here's the config for it:

object network private_ip

host 192.168.4.199

object service tcp_443

service tcp source eq 443

object service tcp_80

service tcp source eq 80

object service tcp_21

service tcp source eq 21

nat (outside,inside) source static any any destination static interface private_ip service tcp_80 tcp_80

nat (outside,inside) source static any any destination static interface private_ip service tcp_443 tcp_443

nat (outside,inside) source static any any destination static interface private_ip service tcp_21 tcp_21

For accessing the server on outside interface ip, firewall would not allowe that.

Workaround:

Use any other free public ip for it.

Thanks,

Varun

Thanks,
Varun Rao

Julio Carvajal · ‎10-08-2011

Hello,

As Varung says, you are going to be able to hit the outside interface of the ASA 5505 on the required ports and then be translated to the inside server only from the inside.

This because the ASA as a security device does not permit traffic going to a distant interface so just as an example if you try to ping the outisde interface of your ASA from the inside host you are not going to get any response.

So in this particular case as Varun said you have to use a different public IP from the outside interface IP, this if you want to access the internal server by a public IP from the internal network.

Hope this helps

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC