04-06-2011 03:34 PM - edited 03-12-2019 06:01 PM
Hello to those interested
I'm trying to set up a zone behind my firewall with complete publicly routable IP addresses for 3 servers. The reason I'm doing this is I am in the network setup stage of an OCS implementation, and OCS connections don't behave well with NAT.
My device is an ASA5520. I have an internal zone, and a dmz zone. These are done via standard NAT configurations.
My question is this:
Is it possible to set up connectivity to the outside with internal servers that have public IPs directly on their NICs? Another little detail of interest is that this IP space is separate from the one that's on the current Outside interface facing our ISP. However, we own both address spaces.
04-06-2011 04:07 PM
NAT the DMZ to itself to the outside. Then so long as the ISP is routing traffic for the second IP space to your firewall or router then you should be good. Not sure what your Internet router setup is like.
Sent from Cisco Technical Support iPhone App
04-06-2011 06:04 PM
I don't understand this part
"Nat the DMZ to itself to the outside"...can you give me an example?
Also we have no idea how our ISP router is. We don't have any access to it. I might have to call them to get any details.
04-06-2011 06:11 PM
You can do the following:
static (dmz,outside) 1.1.1.0 1.1.1.0 netmask 255.255.255.0
This way anything heading from the DMZ to the outside will be NAT'ed to itself.
As for the ISP portion, you will need to understand how the other IP address space will be routed to the firewall. That's all.
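As an added example (not part of any post in this thread), here is the identity static from the reply above in context on a pre-8.3 ASA, together with an outside ACL so that only the intended services reach the publicly addressed servers. The interface number, security level, host addresses (.1, .10, .11), ACL name and ports are assumptions for illustration; 1.1.1.0/24 is the thread's own placeholder network.

```cisco
! DMZ interface holds the gateway address of the second public block.
! The servers use this address as their default gateway.
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 1.1.1.1 255.255.255.0
!
! Identity static from the thread: DMZ hosts keep their own public
! addresses when crossing to the outside interface (no translation).
static (dmz,outside) 1.1.1.0 1.1.1.0 netmask 255.255.255.0
!
! The identity static covers the whole /24, so the ACL is the only
! thing limiting inbound reachability. Permit per host and per port;
! everything else hits the implicit deny at the end of the ACL.
! Hosts and ports below are assumed, not taken from the thread.
access-list outside_in extended permit tcp any host 1.1.1.10 eq 443
access-list outside_in extended permit tcp any host 1.1.1.11 eq 5061
!
! Only one ACL can be bound per interface and direction. If an ACL is
! already applied inbound on outside, add the permit lines to that ACL
! instead of issuing this command, which would replace the binding.
access-group outside_in in interface outside
!
! Upstream requirement from the thread: the ISP must route 1.1.1.0/24
! to the ASA's outside address, otherwise return traffic never arrives.
```

After applying, `show xlate` and `show access-list outside_in` confirm that the identity translation exists and which permit lines are taking hits.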