Static NAt Cisco ASA 5505

Ben McGuire · ‎10-02-2015

I am new to all this Cisco stuff so you will have to excuse me.

We have an ESXi Host that we need to configure Static NAT for.

We need to do this as our provider has wrongly added both switch ports to the outside interface.

This is what they say:-

Both e0/0 and e0/1 interfaces are assigned to vlan 1 which is configured with the management address.
e0/0 being connected to the server and e0/1 connected to the switch.
Both are outward facing as they should be.
The ASA management is accessible through both ports.

Our ESXi Host has a public IP of 123.123.123.123 ( changed Of course )

Our cPanel VM on this host has a static IP of 192.168.1.100

Our provider has stated that if we change e0/0 to the inside we then would need to setup static NAT so that we can keep connectivity to the ASA via the internal network.

Also once we setup the inside network we want DHCP setup on the ASA.

We have been going at this for days now.

What would be the best plan of attach in setting up Static NAT so that when we change interfaces we do not lose connectivity ?

I have attached our running config.

Ganesh Hariharan · ‎10-04-2015

Hi,

As per the running configuration , I can vlan 11 is used as inside and vlan 1 as outside for ISP connectivity.

First check the ASA to ISP connectivity is through and you have default route in ASA towards your ISP public ip address.

Then you can configure Static NAT configuration on ASA for exposing internal server to internet with restricted access.

and Management of ASA can be done over inside interface with allowed subnet restriction.

Once the above is successful , check out the below link for DHCP configuration on ASA.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/dhcp.html

Hope it Help.

-GI

Rate if it Helps