03-17-2022 07:35 PM
First post, hopefully have it in the right place.
I grabbed an old 5520 to run in my "play" lab at home and I have it a little snag that i'm scratching my head with.
I'm in Australia and have one of those Telstra NBN modems, my 5520 is connected to that via the outside ip of 192.168.0.1 my inside is 10.0.0.1 and all is working well, I can access everything from inside out.
Now my head scratcher, I have an internal web server/DC and VM's that originally I had port forwards on from the NBN modem to let everything through, but now to the 5520 is in between it makes for some searching.5520, Cisco Adaptive Security Appliance (ASA)
So the Q is, if the port forwards from the external IP of the NBN modem to an internal IP (say 10.0.0.100 web server) which was the working range of the NBN modem, I have since re configured the NBN to work on the 192.168.0.0 range of things.
So I'm not sure what to search for, the correct terminology?
domain.com to my NBN external IP to my port forward to my 5520 outside interface to my inside interface to my web server
Steve
Solved! Go to Solution.
03-17-2022 10:12 PM
Hi,
If you are doing PAT on the ASA, then things get a little complicated. You will need to configure static NAT on the ASA for the web server. We would need more info on you current config to give the exact configuration you would need but my rough guess is you need the following:
object network webserver
host 10.0.0.100
nat (inside, outside) static 192.168.0.2
You can have a look at the following asa doc:
Thanks
John
03-17-2022 08:28 PM
Hi,
Are you doing NAT on the ASA firewall? If you are not doing NAT on the ASA and the web server is still using the same address ,you need an extended access-list on the ASA outside interface to allow web traffic to the web server.
Have a read on access-list on the asa.
Thanks
John
03-17-2022 08:47 PM
Thanks John
PAT on this old one.
I have that in place(extended access-list entry), I think what is pulling me up is what to port forward to on the NBN Modem. I have a suspicion that the modem doesn't have that capability.
Steve
03-17-2022 10:12 PM
Hi,
If you are doing PAT on the ASA, then things get a little complicated. You will need to configure static NAT on the ASA for the web server. We would need more info on you current config to give the exact configuration you would need but my rough guess is you need the following:
object network webserver
host 10.0.0.100
nat (inside, outside) static 192.168.0.2
You can have a look at the following asa doc:
Thanks
John
03-17-2022 10:32 PM
Thanks John
I was in the ASDM, just popped it in the NAT Rules.
Thanks again
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide