Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
606
Views
1
Helpful
3
Replies

Configure public IP Pool Cisco ASA 5506 to access internal servers

Go to solution
GoldTipu
Level 1
Level 1

‎02-10-2024 07:01 AM

Dear Team.

I have a Cisco ASA 5506. We have several internal servers that require public access. In addition, we have purchased public IP pool from our Internet Service Provider (ISP).

Currently, we have one WAN ip assigned directly to our WAN interface which we already using to access one internal server . 

Could you guide me on configuring the Cisco ASA to enable access to the internal servers using the public IP addresses provided by the ISP?

Also, how will the ISP route traffic to my Cisco ASA WAN? 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎02-10-2024 09:00 AM

@GoldTipu the ISP needs to route this new public network to the outside interface IP address of your ASA.

From the ASA you then need to create static NATs for your servers using the new public network and define an entry in the ACL permitting the traffic, example:

object network SERVER1
 host 10.1.1.1
 nat (inside,outside) static 123.123.123.1
!
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.1 eq 443
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.1 eq 80 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Rob Ingram
VIP
VIP

‎02-10-2024 09:00 AM

@GoldTipu the ISP needs to route this new public network to the outside interface IP address of your ASA.

From the ASA you then need to create static NATs for your servers using the new public network and define an entry in the ACL permitting the traffic, example:

object network SERVER1
 host 10.1.1.1
 nat (inside,outside) static 123.123.123.1
!
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.1 eq 443
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.1 eq 80 

 

0 Helpful

Go to solution
GoldTipu
Level 1
Level 1
In response to Rob Ingram

‎02-10-2024 10:18 AM

@Rob Ingram 

Perfect I got it, 

I will work on this and get back to you if needed  

Really appreciate your assistance 

Thank you  

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎02-10-2024 09:25 AM

For how ISP routing the traffic toward your ASA' check with ISP it can you need to add interface in same new subnet or the ISP will routing the new subnet toward old WAN IP.

For NATing 

You need to add NAT for each server NATing to public IP (from new subnet).

nat (inside,outside) static source object-private-ip object-public-ip

MHM

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card