Solved: ASA 5510, DMZ, NAT

shortnathan · ‎12-10-2007

Hi,

I'm new to the ASA and I'm trying to set up a demo 5510 in a test environment.

There is a webserver in the DMZ that I'd like to make accessible to the inside and the outside. I have a /27 and would like to use a different IP than the interface for the webserver and I can't figure out how to get this working.

The webserver is at 172.16.0.176 and I would like to use xx.xx.184.88 to reach it from the outside. The outside interface on the ASA is xx.xx.184.90. Inside is 10.39.0.0.

Any tips?

husycisco · ‎12-10-2007

Hi Nathan

static (DMZ,outside) xx.xx.184.88 172.16.0.176 netmask 255.255.255.255

access-list outside_access_in permit tcp any host xx.xx.184.88 eq desiredportnumberhere

For reaching from inside

static (inside,DMZ) 172.16.0.176 172.16.0.176 netmask 255.255.255.25

Regards

View solution in original post

acomiskey · ‎12-10-2007

static (DMZ,outside) xx.xx.184.88 172.16.0.176 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host xx.xx.184.90 eq www

access-group outside_access_in in interface outside

husycisco · ‎12-10-2007

Hi Nathan

static (DMZ,outside) xx.xx.184.88 172.16.0.176 netmask 255.255.255.255

access-list outside_access_in permit tcp any host xx.xx.184.88 eq desiredportnumberhere

For reaching from inside

static (inside,DMZ) 172.16.0.176 172.16.0.176 netmask 255.255.255.25

Regards

shortnathan · ‎12-10-2007

Thanks, that worked great!