Need help in configuring WAN and LAN IP in Cisco ASA 5505

bmckrishna · ‎04-09-2012

Hi All,

First of all i'm sorry if i'm posting the repeated question again, have searched all the community but couldn't find the relevant answer for my question.

Please help on configuring the Cisco ASA 5505 device to access my both WAN and LAN ip. LAN ip i need to configure it for web servers to face the internet. If you have some documents are procedure please share it with me it will be much of helpful.

I'm new to this networking technology as my previous work experience have all been with servers and virtualization.

Thanks in Advance,

Chetan Krishna

Manouchehr · ‎04-09-2012

If you want your internal webserver get accessed from the internet, then you need to configure static nat in the following format,

static (inside,outside) tcp [public-ip] www [private-ip] www netmask 255.255.255.255

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_static.html

HTH

Manouchehr

bmckrishna · ‎04-09-2012

Thanks for the reply Manochehr....!!!!

But when i tried to ping my LAN ip from WAN i'm not able to ping. Can you let me know if i can ping the LAN IP from my WAN.

Thanks in Advance,

Chetan Krishna

Manouchehr · ‎04-09-2012

How are you pinging from WAN? Have you established IPsec VPN and trying to ping from remote site?

bmckrishna · ‎04-09-2012

Currently i have configured my Cisco ASA 5505 router on WAN and added new interface for the LAN ip address with VLAN ID 3. From the router i'm trying to ping the gateway of the LAN IP.

Manouchehr · ‎04-09-2012

You won't be able to ping ASAs interface inside from outside or outside from inside. This is ASA architecture.

bmckrishna · ‎04-09-2012

Oh Okay...!!!!

Can you please let me know if there is any way for me to route the LAN IP so that i can access them with my internal IP.

Manouchehr · ‎04-09-2012

I really didn't get your question.

can you put a drawing of your topolgy? and your config? and what you want to do....

bmckrishna · ‎04-09-2012

We have a 1MBps lease line of which the vendor gave us one WAN IP to configure on router later we went back to the vendor asking to provied with LAN IP. Now he has provided us the LAN IP.

All i want to do is that, i need provide this LAN IP to my webservers so that i can access it from outside. Will this be possible. If possible how can i achieve it.

Manouchehr · ‎04-09-2012

Please read through below doc,

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_static.html

HTH

Manouchehr

bmckrishna · ‎04-10-2012

Sorry, got confused.

From the ISP, for the leased line they have allocated two set of address.

1. WAN IP /30

2. LAN IP /29

The WAN IP is configured for outside interface. All the systems from inside interface (Private IP) are able to access the internet.

Now we want to have our one of server to be accessed directly from internet, for which the ISP says use LAN IP.

When configured one more interface with LAN IP, we are able to ping the gateway of LAN IP. But unable to access the internet from the system connected with this interface.

Need to know any routing needs to be enabled between the interfaces LAN_IP and outside interface?

or any other configuration needs to be done like exempt rule for LAN_IP's to done in NAT rules under firewall ?

bmckrishna · ‎04-11-2012

Hi All,

It worked.....!!! I went through the pdf of Cisco ASA 5505 Configuration by Harris Andrea and achived what i was looking for.

Thanks to Manochehr for responding quickly to my query and million thanks to siva prasad for providing me the pdf.