02-23-2017 04:30 PM - edited 03-12-2019 01:58 AM
Hi everyone, hope you can help. I just got an ASA 5508 with IOS 9.6 running on it. Of course... I failed with my initial setup, and hope you can help to guide me through the setup... My setup should not be complicated... I really appreciate your help in advance.
I have two networks. 192.168.200.0 is on the outside (the outside interface is 192.168.200.254). 172.20.0.54 is a host located on the 172.20.0.x/24 network, the inside network (the inside interface on the ASA will be 172.20.0.254).
In fact, a little note: this 172.x network is a DMZ on another 5585 ASA with DMZ interface 172.20.0.1. The host 172.20.0.54 has an alternate route, so for the 192.168.200 network it will route to 172.20.0.254, while 172.20.0.1 is its default internet gateway.
The 192.168.200 network can only access the host 172.20.0.54 (not any other hosts in there), while 172.20.0.54 can access any hosts in the 192.168.200 network.
In this case, how do I set this up on the ASA 5508? So there should be no NAT for the host 172.20.0.54, right? How should the setup be? So far I have interface 1/2 set up as outside, and 1/8 set up as the inside interface. I also set up NAT so that it "does not" change for 172.20.0.54, and allowed 192.168.200. to access 172.20.0.54 on the outside ACL.
On a very old 5505 with 8.3 iOS, I needed to set up nat0 for 172.20.0.54. I also needed to set up VLANs to match the VLAN # I have for the two networks in order for it to work. But it looks like the 5508 is totally different.
If my settings are confusing, please guide me through what the setup should be. Hope you can help. My deadline is approaching...
Thank you for your help.
Takami Chiro
02-25-2017 06:48 AM
Could you provide a network diagram of your setup with relevant private IPs and how the 5585, 5508 and 5505 are connected.
--
Please remember to select a correct answer and rate helpful posts
03-02-2017 04:08 PM
Hi Marius,
I am sorry to reply to you late... I have been caught up by the deadlines and did not get any alerts for your response... hope you do not mind.
I think I have figured out what I have done wrong. What I did wrong was to set up the NAT wrongly. I am not good at commands... but by using the GUI, I set up the server so that it does not need to be NATed from outside to inside. Then now the server can be accessed from outside correctly. The ACL is also applied correctly, the way we wanted.
Therefore, I am totally fine now :) Again, thank you for your response, and I really appreciated it.
Takami Chiro
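The thread does not show the final configuration. The following is an added example, not taken from the poster's device, of how the described design (no translation for 172.20.0.54, outside access limited to that one host) can be expressed in ASA 9.x CLI. The object names, the ACL name and the /24 mask on 192.168.200.0 are assumptions.

```cisco
! Added example. Object and ACL names are hypothetical; the /24 mask on
! 192.168.200.0 is an assumption (the thread does not state it).
interface GigabitEthernet1/2
 nameif outside
 security-level 0
 ip address 192.168.200.254 255.255.255.0
 no shutdown
interface GigabitEthernet1/8
 nameif inside
 security-level 100
 ip address 172.20.0.254 255.255.255.0
 no shutdown
!
object network SRV-172.20.0.54
 host 172.20.0.54
object network NET-192.168.200.0
 subnet 192.168.200.0 255.255.255.0
!
! Identity (twice) NAT: the host keeps its real address in both directions.
! This replaces the pre-8.3 "nat 0" exemption. On 8.3 and later, traffic that
! matches no NAT rule is also forwarded untranslated, so this rule mainly
! documents intent and guards against a broader NAT rule added later.
nat (inside,outside) source static SRV-172.20.0.54 SRV-172.20.0.54 destination static NET-192.168.200.0 NET-192.168.200.0 no-proxy-arp route-lookup
!
! Since 8.3 interface ACLs match the real (untranslated) address.
! Only the single host is reachable from outside; everything else is
! denied and logged so unexpected attempts show up in syslog.
access-list OUTSIDE_IN extended permit ip object NET-192.168.200.0 object SRV-172.20.0.54
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! No ACL is applied to the inside interface: connections initiated by
! 172.20.0.54 go from security level 100 to 0 and are allowed by default,
! with return traffic permitted by the stateful connection table.
```

To check the result, `show nat detail` shows hit counts on the identity rule, and `packet-tracer input outside tcp 192.168.200.10 12345 172.20.0.54 443` (source host and ports are constructed sample values) walks a test flow through the NAT and ACL phases.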