10-02-2008 06:30 AM - edited 03-11-2019 06:52 AM
I am green when it comes to firewalls.
I currently have a PIX 506 and we are upgrading to an ASA 5510. It has had so many changes that I want to start fresh. So I am not really trying to view the 506 config and duplicate it.
The 5510 has ASA v 8.04. ASDM v 6.1.3
I ran through the VPN config wizard, so I think that is good. I have a general setup with internal SMTP, FTP, and an ISA server for HTTP access.
Do I need to add all my internal servers that access the internet as objects and all their associated public IPs to the network objects list?
When I NAT, say, my internal email server, do I only need one NAT rule? This will then translate both inbound and outbound email? Or do I need both inbound and outbound NAT rules?
Then my access rule would be outside from any to inside (internal SMTP server), SMTP protocol, permit.
This will then translate incoming SMTP from anywhere to the internal email server for only SMTP? This would then be the same for FTP, etc.?
Would I need an outgoing rule so only email from my mail server would be allowed to the ASA?
10-02-2008 06:41 AM
For NATing, when you create a static NAT with two IPs, say one public on the outside and the other private on the inside, this will work two-way.
You need an ACL that permits traffic for that public IP on a specific port to let the traffic come in from the internet, with the source, as you said, any.
Good luck
if helpful Rate
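The static NAT and inbound ACL described in the reply above, together with the outbound SMTP restriction the original poster asks about, written as an added example in pre-8.3 ASA syntax (the form used by the 8.0-series software mentioned in the thread). It is not from any poster in this thread; the addresses (RFC 5737 documentation ranges and an RFC 1918 host), the ACL names OUTSIDE_IN and INSIDE_OUT, and the assumption that a dynamic nat/global pair already covers the other inside hosts are all constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   mail server real address   192.168.1.25   (inside)
!   mail server public address 203.0.113.25   (outside)

! One static entry translates in both directions: inbound connections to
! 203.0.113.25 reach 192.168.1.25, and connections the server opens
! outbound leave sourced from 203.0.113.25.
static (inside,outside) 203.0.113.25 192.168.1.25 netmask 255.255.255.255

! Inbound policy: before 8.3 the ACL on the outside interface matches the
! translated (public) address. Permit SMTP only; everything else to this
! host is dropped by the implicit deny at the end of the ACL.
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.25 eq smtp
access-group OUTSIDE_IN in interface outside

! Outbound policy: with no ACL on the inside interface, all traffic from
! inside (higher security level) to outside is allowed. Applying an ACL
! replaces that default, so it must end with an explicit permit for the
! traffic that should still pass.
access-list INSIDE_OUT extended permit tcp host 192.168.1.25 any eq smtp
access-list INSIDE_OUT extended deny tcp any any eq smtp
access-list INSIDE_OUT extended permit ip any any
access-group INSIDE_OUT in interface inside

! Checks after applying:
!   show xlate                    (the static translation is listed)
!   show access-list OUTSIDE_IN   (hit counts rise on the SMTP permit)
!   show access-list INSIDE_OUT   (hits on the deny line identify inside
!                                  hosts other than the mail server that
!                                  are trying to send SMTP directly)
! Simulate an inbound SMTP connection from a constructed outside host:
!   packet-tracer input outside tcp 198.51.100.7 1025 203.0.113.25 25
```

A service such as FTP follows the same pattern with its own static entry and its own permit line in OUTSIDE_IN.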
10-02-2008 06:59 AM
Thank you for the quick response.
So I need to add all my servers and public IPs to the objects list.
And do I need the ACL for inside to out, so only the SMTP server can send email outside?