07-04-2008 12:14 AM - edited 03-11-2019 06:09 AM
Hi Guys,
I'm not the greatest on Pix/ASA firewalling. I need help with the following issue.
I have a remote site that needs to acccess one host behind an ASA. VPN is not needed here.
I would like a set of rules where i can allow any connection coming from the remote sites public ip only - in to the ip behind my ASA.
i.e.
Public IP of remote site 1.1.1.1
IP of our network 2.2.2.2
Inside interface of our ASA 192.168.1.1
Host inside out routed network 172.16.1.1
Allow all connections from 1.1.1.1 to 172.16.1.1
A bonus would be to allow ping for testing connectivity.
Thanks in advance
Stephen
Solved! Go to Solution.
07-04-2008 12:31 AM
hi,
Two things are required NAT and access-lists
the NAT configuration :
static(inside,outside) 2.2.2.2 172.16.1.1 netmask 255.255.255.255
the access-lists config :
access-list out-in extended permit ip host 1.1.1.1 host 2.2.2.2
access-group out-in in interface outside
Also check whether the server 172.16.1.1 is reachable from the ASA box.
07-04-2008 12:31 AM
hi,
Two things are required NAT and access-lists
the NAT configuration :
static(inside,outside) 2.2.2.2 172.16.1.1 netmask 255.255.255.255
the access-lists config :
access-list out-in extended permit ip host 1.1.1.1 host 2.2.2.2
access-group out-in in interface outside
Also check whether the server 172.16.1.1 is reachable from the ASA box.
07-04-2008 01:49 AM
Thanks for that. It looks nice and simple. the 172.16.1.1 is reachable from the ASA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide