02-04-2020 11:05 PM
Hi, I would need some assistance on how to configure 2 outside interfaces. One ISP (outside) interface has a /28 IP address and the other one has a /30 IP address. My intention is to put the servers behind the FW so each ISP is related to one of the inside (server) interfaces, so it's not a failover connection for the outside interface. PFA network diagram for better understanding. Each server needs bidirectional connections like the Internet and RDP, and I need to block some ports. There's 1 server that does have a dedicated public IP (/30) that I need to connect to the FW to set some limitations on the ports. I'm trying to simulate it using our spare ASA5512 but I'm having a hard time making it work. I don't know if it's doable or not. Please advise. Thanks.
! ISP 1
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.240
!
interface GigabitEthernet0/1
 nameif inside-2
 security-level 100
 ip address 10.0.0.1 255.255.240.0
!
! ISP 2
interface GigabitEthernet0/2
 nameif outside-1
 security-level 0
 ip address x.x.x.x 255.255.255.252
!
interface GigabitEthernet0/3
 nameif inside-3
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
object network Server-1
 host 10.0.0.2
! 172.168.1.15 is not inside the inside-3 subnet (172.16.1.0/24)
object network Server-2
 host 172.168.1.15
!
access-list OUT_IN extended permit tcp any host 10.0.0.2 eq www
access-list OUT_IN extended permit tcp any host 10.0.0.2 eq 3389
access-list OUT_IN extended deny icmp any any echo
!
! x.x.x.x below = next available public IP from the /28
object network Server-1
 nat (inside-2,outside) static x.x.x.x
access-group OUT_IN in interface outside
!
! x.x.x.x below = next hop facing the ISP 1 interface
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
02-14-2020 12:03 AM
Hi, the Internet is working fine based on the configuration you suggested, as shown on the network diagram (attached), but my only concern is: what is the correct configuration of the ACL, NAT, and network object/service to allow the outside network to access the inside network (server-2), permitting things like SSH, Telnet, RDP and so on, and denying some ports?
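One way to publish Server-2 through the ISP 2 interface, as an added example that is not part of the original thread. It assumes ASA 8.3+ syntax, Server-2 at 172.16.1.15 on inside-3, the ASA's own outside-1 address as the only usable address in the /30 (so ports are forwarded with static PAT on the interface), and a constructed admin source range 203.0.113.0/24; the object and ACL names are hypothetical.

```cisco
! Added example, not from the thread. Assumptions:
!  - ASA 8.3+ object NAT; routing toward ISP 2 already works
!  - Server-2 real address is 172.16.1.15 (inside-3 subnet)
!  - 203.0.113.0/24 is a constructed placeholder for the admin source
!  - SRV2-RDP, SRV2-SSH and OUT1_IN are hypothetical names
!
! One object per forwarded port: an object carries a single NAT rule.
object network SRV2-RDP
 host 172.16.1.15
 nat (inside-3,outside-1) static interface service tcp 3389 3389
object network SRV2-SSH
 host 172.16.1.15
 nat (inside-3,outside-1) static interface service tcp 22 22
!
! On 8.3+ the interface ACL is checked against the real (inside)
! address, not the public one. Remote-access ports are limited to
! the admin range instead of "any".
access-list OUT1_IN extended permit tcp 203.0.113.0 255.255.255.0 object SRV2-RDP eq 3389
access-list OUT1_IN extended permit tcp 203.0.113.0 255.255.255.0 object SRV2-SSH eq 22
! Everything else, Telnet included, is dropped and logged.
access-list OUT1_IN extended deny ip any any log
access-group OUT1_IN in interface outside-1
```

`packet-tracer input outside-1 tcp 203.0.113.10 50000 <outside-1 address> 3389` shows which NAT rule and ACL line a test connection hits.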
02-14-2020 12:36 AM