
Static with ACL

wasiimcisco
Level 1

I have one global IP address x.x.188.5 and I have two servers, 192.168.1.219 and 192.168.1.220. I want to advertise these servers over the Internet on the following: HTTPS & SSH.

How can I advertise these servers with one global IP address? Please help me out.

2 Replies

Hi, If A.B.C.D is the global IP, and your servers 192.168.1.219 and 220 are in DMZ,

static (dmz,Outside) tcp A.B.C.D 443 192.168.1.219 443

static (dmz,Outside) tcp A.B.C.D 22 192.168.1.220 22

access-list out-in permit tcp any host A.B.C.D eq 443

access-list out-in permit tcp any host A.B.C.D eq 22

access-group out-in in interface Outside
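
An added example, not part of the original reply: a small Python check that cross-references `static` port translations against the ACL bound to the mapped interface, reporting translations with no matching permit, permits with no translation, and forwarded ports reachable from any source. The sample config is constructed: 203.0.113.5 stands in for A.B.C.D, the port 25 permit is added to show a finding, and the function and finding names are hypothetical.

```python
import re

# Constructed sample in the reply's syntax; 203.0.113.5 stands in for A.B.C.D.
# The port 25 permit is not in the reply; it is added to trigger a finding.
CONFIG = """\
static (dmz,Outside) tcp 203.0.113.5 443 192.168.1.219 443
static (dmz,Outside) tcp 203.0.113.5 22 192.168.1.220 22
access-list out-in permit tcp any host 203.0.113.5 eq 443
access-list out-in permit tcp any host 203.0.113.5 eq 22
access-list out-in permit tcp any host 203.0.113.5 eq 25
access-group out-in in interface Outside
"""

PORT_NAMES = {"ssh": 22, "smtp": 25, "www": 80, "http": 80, "https": 443}
STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) tcp (\S+) (\S+) (\S+) (\S+)")
ACL_RE = re.compile(r"^access-list (\S+)(?: extended)? permit tcp "
                    r"(any|host \S+|\S+ \S+) host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def port(tok):
    """Accept a numeric port or one of the service names used on this page."""
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def audit(config):
    statics, permits, bound = {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):      # key: (mapped interface, mapped IP, mapped port)
            statics[(m[2], m[3], port(m[4]))] = (m[5], port(m[6]))
        elif m := ACL_RE.match(line):       # value: (source, destination IP, destination port)
            permits.setdefault(m[1], []).append((m[2], m[3], port(m[4])))
        elif m := GROUP_RE.match(line):     # interface -> inbound ACL name
            bound[m[2]] = m[1]
    findings = []
    for (iface, ip, p) in statics:
        acl = permits.get(bound.get(iface), [])
        sources = [s for s, dip, dp in acl if (dip, dp) == (ip, p)]
        if not sources:
            findings.append(("translated-but-blocked", ip, p))
        elif "any" in sources:
            findings.append(("reachable-from-any", ip, p))
    for iface, name in bound.items():
        for _src, dip, dp in permits.get(name, []):
            if (iface, dip, dp) not in statics:
                findings.append(("permit-without-static", dip, dp))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(*finding)
```
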

Thanks for the help, but now one more problem: I have my Exchange servers 172.15.1.2 and 172.15.1.3. For Internet browsing I am doing static NAT for these two servers' web surfing. I want to only allow HTTPS, HTTP and SMTP for Internet browsing.

I tried this:

static (inside,outside) x.x.x.x access-list exg-acl

access-list exg-acl extended permit tcp host 172.15.1.2 any eq https

access-list exg-acl extended permit tcp host 172.15.1.2 any eq http

access-list exg-acl extended permit tcp host 172.15.1.2 any eq smtp

access-list exg-acl extended permit tcp host 172.15.1.3 any eq https

access-list exg-acl extended permit tcp host 172.15.1.3 any eq http

access-list exg-acl extended permit tcp host 172.15.1.3 any eq smtp

But it is not working; it works only when I allow the full IP like this:

access-list exg-acl extended permit ip host 172.15.1.3 any

access-list exg-acl extended permit ip host 172.15.1.2 any

Why is that so? Please let me know.
