06-09-2018 09:32 AM - edited 03-08-2019 03:19 PM
Hi All,
I have the following device:
Cisco Adaptive Security Appliance Software Version 9.4(4)18
Device Manager Version 7.9(2)
Compiled on Thu 29-Mar-18 22:10 PDT by builders
System image file is "disk0:/asa944-18-smp-k8.bin"
Config file at boot was "startup-config"
Hardware: ASA5512, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores)
ASA: 2048 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 4096MB
Short and simple, I am NOT a Cisco guy. I'm a level 3 IT technician and I work with Dell SonicWalls and Fortinet firewalls. However, due to IP limitations we're migrating to Cisco so we can have 32+ public IPs used on the firewall. Now, I have the device on and in our datacenter, and googling the hell out of everything, I'm trying to put a config together so I can go down and essentially migrate the config from the current Fortigate to the Cisco ASA.
I've been to the datacenter 5 times and cannot get it right by guessing the command line. Could someone please go over my config and see what I'm doing wrong? We basically have a bunch of virtual servers running on multiple VLANs, so what I'm trying to accomplish is the following:
Private IP A out to internet showing Public Address A.
Private IP B out to internet showing Public Address B.
Private IP C out to internet showing Public Address C.
etc...
Also
Public IP A Port 80 forwarded to PrivateIP A port 80.
Public IP B Port 80 forwarded to PrivateIP B port 80.
Public IP C Port 80 forwarded to PrivateIP C port 80.
etc..
If I can get those parts done, it's only VPNs to do, which I'm sure I'll figure out in the ASDM wizard, but I cannot leave the Cisco in live until all our services are working via it, and they are down while I test it out. This is the latest script I'm going to test. I think this is right, but could do with a yes or no, you need to change to this.
======================== OBJECT CREATION BEGIN ===============================
object network PUBLICIP_CPANEL_SERVER
 host X.X.X.X
 exit
object network PRIVATEIP_CPANEL_SERVER
 host X.X.X.X
 exit
======================== PORT FORWARDING BEGIN ==========================
object network PORTFORWARD_CPANEL_TCP20
 host X.X.X.X
 nat (inside,OUTSIDE) static PUBLICIP_CPANEL_SERVER service tcp 20 20
 exit
access-list CPANEL_TCP20 permit tcp any host X.X.X.X eq 20
======================== RANGE FORWARDING BEGIN ============================
object network PORTFORWARD_CPANEL_RANGE_IN
 host X.X.X.X
 nat (inside,outside) static PUBLICIP_CPANEL_SERVER
 exit
access-list CPANEL_IN_RANGE_TCP permit tcp any host X.X.X.X range 30000 50000
access-list CPANEL_IN_RANGE_UDP permit udp any host X.X.X.X range 30000 50000
======================== OUTBOUND IP BEGIN ===============================
object network PUBLICIP_OUT_CPANEL_SERVER
 nat (inside,outside) source dynamic PRIVATEIP_CPANEL_SERVER PUBLICIP_CPANEL_SERVER
 exit
Thanks in Advance!
06-15-2018 01:28 PM
Solved this by doing the outbound IP AFTER the inbound.
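One way the inbound-before-outbound ordering can be written on ASA 8.3+ NAT, as an added example that is not part of the original thread. The addresses (10.0.10.10 private, 203.0.113.10 public, 198.51.100.50 test client), the lowercase interface names inside/outside, the object name PORTFORWARD_CPANEL_TCP80 and the ACL name OUTSIDE_IN are assumptions made for illustration.

```text
! Added example; all addresses and the ACL name are constructed placeholders.
object network PRIVATEIP_CPANEL_SERVER
 host 10.0.10.10
object network PUBLICIP_CPANEL_SERVER
 host 203.0.113.10
!
! Inbound first: static port forward, public :80 -> private :80.
! Object NAT rules are placed in section 2 of the NAT table.
object network PORTFORWARD_CPANEL_TCP80
 host 10.0.10.10
 nat (inside,outside) static PUBLICIP_CPANEL_SERVER service tcp 80 80
!
! Outbound second: the server's other traffic leaves as the same public IP.
! This is manual (twice) NAT, so it is entered in global configuration mode,
! not under an object. Without "after-auto" it would land in section 1 and be
! evaluated before the port forward; "after-auto" moves it to section 3.
nat (inside,outside) after-auto source dynamic PRIVATEIP_CPANEL_SERVER PUBLICIP_CPANEL_SERVER
!
! From 8.3 on, interface ACLs match the real (private) address, not the
! mapped one. Permit only the forwarded port and bind the ACL to outside.
access-list OUTSIDE_IN extended permit tcp any object PRIVATEIP_CPANEL_SERVER eq 80
access-group OUTSIDE_IN in interface outside
!
! Verification from privileged EXEC mode: rule order per section, then a
! simulated inbound connection from a constructed client address.
show nat detail
packet-tracer input outside tcp 198.51.100.50 40000 203.0.113.10 80
```

In the `show nat detail` output the port forward should be listed under the auto NAT section and the dynamic rule under the after-auto section, and the packet-tracer result should show an un-NAT to 10.0.10.10 followed by an ACL permit.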