ASA5505 with multiple WAN IPs

joelpc1976
Level 1

We are trying to utilize a 5 ip block of addresses provided by our ISP. What we have assigned from them is like this: 10.10.10.46 - 10.10.10.50 is our ip range. 10.10.10.45 is the gateway. Subnet is 255.255.255.248. If we assign 10.10.10.46 to the outside interface how do we accept inbound traffic from the other addresses?

Sent from Cisco Technical Support iPad App

Accepted Solution

What you have configured is already correct:

static (inside,outside) tcp Ext148 www Int250 www netmask 255.255.255.255
static (inside,outside) tcp Ext148 8080 Int250 4522 netmask 255.255.255.255

That is how you configure the static PAT statements to allow inbound connections to the Int250 host on ports 80 and 4522 using the public IP address Ext148.


6 Replies

Jennifer Halim
Cisco Employee

You can configure static NAT/PAT statements on the other public IP addresses for the servers/hosts that you need to reach from the Internet, and/or you can also use the outside interface IP address, if you wish, for static PAT or for dynamic NAT of outbound traffic.

We have it configured and working. Here is the config we ended up with:

sunASA# sho run
: Saved
:
ASA Version 8.2(5)
!
hostname sunASA
enable password we6FLtDQaEWgnshV encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 71.13.207.147 Ext147
name 71.13.207.148 Ext148
name 71.13.207.149 Ext149
name 71.13.207.150 Ext150
name 192.168.1.2 Int2
name 192.168.1.3 Int3
name 192.168.1.250 Int250
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 71.13.207.146 255.255.255.248
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Ext148Services tcp
 description External Mac Server Services
 port-object eq 8080
 port-object eq www
access-list outside_access_in extended permit tcp any host Ext148 object-group Ext148Services
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp Ext148 www Int250 www netmask 255.255.255.255
static (inside,outside) tcp Ext148 8080 Int250 4522 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 71.13.207.145 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
aaa authorization exec LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username oeiadmin password 9DRNhjMtDBmrsdKh encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:758060bbc1cd530d19bda49003222197
: end

Any thoughts on if we could improve anything in here?

Sent from Cisco Technical Support iPad App

Please add these commands:

access-list inside permit ip any any
access-group inside in interface inside

By the way, what do you mean by "If we assign 10.10.10.46 to the outside interface"? Why do you want to assign a private IP to your outside interface when you already have the public IP 71.13.207.146/29 assigned to it?

Warm regards,
Ramraj Sivagnanam Sivajanam

Hi Joel,

You can use one public IP for the outside interface, and the other four IPs you can use for static NAT to servers like DNS, SMTP, etc., keeping the remaining spare IPs for future use. Otherwise you can use dynamic PAT to use all the IPs for PAT purposes, like the below:

global (outside) 1 71.13.207.147-71.13.207.150 netmask 255.255.255.248
nat (inside) 1 192.168.1.0 255.255.255.0

That's up to you, is all I can say.

Please do rate the helpful posts.

By

Karthik

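As an added example, not code from the thread or from Cisco, here is a small audit script for the ASA 8.2 static PAT pattern discussed above: it resolves the `name` aliases, collects every `static (inside,outside)` port mapping, and checks whether the outside ACL actually permits each public IP:port from `any`. The config excerpt is constructed from the posted config, plus one extra `static` line (port 4522) that I added to show a mapping the ACL does not permit.

```python
import re

# Constructed excerpt of the ASA 8.2 config posted in this thread (NAT-relevant lines only).
# The last static line is a constructed addition with no matching ACL permit.
CONFIG = """\
name 71.13.207.148 Ext148
name 192.168.1.250 Int250
object-group service Ext148Services tcp
 port-object eq 8080
 port-object eq www
access-list outside_access_in extended permit tcp any host Ext148 object-group Ext148Services
static (inside,outside) tcp Ext148 www Int250 www netmask 255.255.255.255
static (inside,outside) tcp Ext148 8080 Int250 4522 netmask 255.255.255.255
static (inside,outside) tcp Ext148 4522 Int250 4522 netmask 255.255.255.255
"""

PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ssh": 22, "smtp": 25, "domain": 53, "ftp": 21}

def to_port(tok):
    """Resolve an ASA port keyword (www, smtp, ...) or a number to an int."""
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def parse_names(cfg):
    """'name <ip> <alias>' lines -> {alias: ip}."""
    return {m[2]: m[1] for m in re.finditer(r"^name (\S+) (\S+)$", cfg, re.M)}

def parse_service_groups(cfg):
    """'object-group service <X> tcp' blocks -> {X: set of ports}."""
    groups, cur = {}, None
    for line in cfg.splitlines():
        m = re.match(r"object-group service (\S+) (tcp|udp)", line)
        if m:
            cur = groups.setdefault(m[1], set())
            continue
        m = re.match(r"\s+port-object eq (\S+)", line)
        if m and cur is not None:
            cur.add(to_port(m[1]))
        elif not line.startswith(" "):
            cur = None  # left the indented block
    return groups

def parse_static_pat(cfg, names):
    """'static (in,out) <proto> <pub> <pport> <int> <iport>' -> (proto, pub_ip, pport, int_ip, iport)."""
    pat = r"^static \((\S+),(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)"
    return [(m[3], names.get(m[4], m[4]), to_port(m[5]), names.get(m[6], m[6]), to_port(m[7]))
            for m in re.finditer(pat, cfg, re.M)]

def parse_acl_permits(cfg, names, groups):
    """Outside ACL 'permit <proto> any host <pub> ...' entries -> {(proto, pub_ip, port)}."""
    allowed = set()
    pat = r"^access-list \S+ extended permit (tcp|udp) any host (\S+) (?:object-group (\S+)|eq (\S+))"
    for m in re.finditer(pat, cfg, re.M):
        ports = groups.get(m[3], set()) if m[3] else {to_port(m[4])}
        allowed.update((m[1], names.get(m[2], m[2]), p) for p in ports)
    return allowed

def audit(cfg):
    """One row per static PAT entry, flagging whether the outside ACL permits it from any."""
    names = parse_names(cfg)
    allowed = parse_acl_permits(cfg, names, parse_service_groups(cfg))
    return [{"proto": proto, "public": f"{pub}:{pp}", "inside": f"{ins}:{ipt}",
             "permitted": (proto, pub, pp) in allowed}
            for proto, pub, pp, ins, ipt in parse_static_pat(cfg, names)]

if __name__ == "__main__":
    for row in audit(CONFIG):
        print(row)
```

A `static` with no ACL permit is a forgotten translation worth removing, and an ACL permit with no `static` behind it is a dead rule; the script surfaces the first case, and the same parsers can be reused for the second.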
Thanks everyone for the responses. Really appreciate the help. We have it up and running with a config very similar to the one I previously posted.

Sent from Cisco Technical Support iPad App
