10-26-2018 07:37 AM - edited 02-21-2020 08:24 AM
Hi All
I have been given requirements by out it staff that they need to configure a server with a public IP address , This would not have a NAT , Can any one explain if its possible to protect this server behind our firewall ? As this will be on the public facing Vlan I am not sure I can
Thanks
Craig
10-26-2018 07:50 AM
10-26-2018 08:00 AM
Hi Thanks for the input ,
But the public IP is already outside the firewall on the public facing Vlan ( same vlan as the outside interface of the firewall ) then its already in front as its not natted. So traffic would hit it directly ....I think
10-26-2018 12:49 PM
Do you consider DMZ ?
11-03-2018 03:46 PM
Here's a generic config for allowing access from the Internet to a DMZ web server on port 80:
object network WEBSVR-EXT
host 100.1.1.10
object network websvr-int
host 172.16.0.10
nat (dmz,outside) static WEBSVR-EXT service tcp 80 80
access-list OUTSIDE-IN ext permit tcp any object websvr-int eq 80
Access to the server is controlled on the last line above.
Useful to run packet tracer to verify config too.
Hope that helps!
Azam
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide