Re: two IP outside Cisco ASA 5505

fernando-zavaleta-cisco · ‎03-05-2011

Dear,

escribe my situation:

What I need is to configure two IP addresses public my ISP in my ASA.

To respond from the Internet: a IP for my web server and DB and the other applications,

vpn, etc.

I have an ASA 5505 with lincencia Securuty Plus.

The network in the organization is:

Outside

Inside

DMZ

In the DMZy come to a single IP internet.

One of them is web applications and database, what I'm looking to do is that you can access these applications from the Internet to an IP different from today.

For more detail current configuration attachment.

From already thank you for your cooperation.

praiyeng · ‎03-09-2011

Hi,

I am unable to get the exact requirement.

Provide an appropirate problem description.

fernando-zavaleta-cisco · ‎03-09-2011

I need to provide access from the Internet by two public IP:

x.x.x.12 for vpn, http (dmz server1)
x.x.x.13 for http, https, DB. (Server2 dmz)

thank you!

praiyeng · ‎03-09-2011

Correct me if i am wrong :

Problem Description:

-------------------------------

Port forward http to x.x.x.12 on the dmz and the https and DB to x.x.x.13 on the dmz.

Which port would the DB work on ?

Do you want the servers to be visible by the interface ip in the Internet

fernando-zavaleta-cisco · ‎03-09-2011

I need use two IP public adress in outside assigned for my ISP

precisely, i need Port forward for public direfent adrees IP.

server1 - 8080 http, https to: x.x.x.12

ASA - vpn to: x.x.x.12

Server2 - SMTP, http, https, 8086 to: x.x.x.13

The por of BBDD is 8086

Currently only be accessed from the Internet server1 and ASA

thanks!

praiyeng · ‎03-09-2011

Port forwarding can be achieved by the following command if you are running ASA <8.3 :

static [(internal_if_name, external_if_name)] {tcp|udp} {global_ip|interface} global_port local_ip local_port

fernando-zavaleta-cisco · ‎03-09-2011

hi!

very thanks! it is the configuration:

static (dmz,outside) tcp x.x.x.13 www server2 www netmask 255.255.255.255

static (dmz,outside) tcp x.x.x.13 https server2 https netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host x.x.x.13 eq www

access-list outside_access_in extended permit tcp any host x.x.x.13 eq https

We reported the news after setting ASA.

praiyeng · ‎03-09-2011

You have setup for http and https ?

You need the setup for other 2 right ?

static (dmz,outside) tcp x.x.x.13 smtp server2 smtp netmask 255.255.255.255

static (dmz,outside) tcp x.x.x.13 8086 server2 8086 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host x.x.x.13 eq smtp

access-list outside_access_in extended permit tcp any host x.x.x.13 eq 8086