02-17-2009 11:14 AM
Hello All,
I have an ISP that has given me a bunch of public IPs but my gateway is a private address (point to point to the ISP Router).
I have attached this line to an ASA 5510.
What I want to do is
1) have the ASA with a Private IP on the Outside interface Using 1 Public IP as a VPN Server.
2) 1 Public IP as a Web Server and
3) the 3rd Public IP for surfing from the Inside Interface.
I have tried so far to get my first aim to work without success. I can't even get the ASA 5510 to reply to pings to any of the Public IP Addresses from the Outside that I have configured.
Is this at all possible?
I have already configured something similar with an ASA 5510 that has a Public IP on the Outside interface - this made the job easy.
Please help.
Thanks
02-17-2009 11:44 AM
02-17-2009 12:16 PM
This helps loads with the Ping, but can you also help with the Public - Private IP VPN bit too?
02-17-2009 12:21 PM
Once you've got the public IP assigned to the outside interface, setting up the additional access should be pretty easy. All you need is a static statement and an ACL for inbound access to your webserver and you can use the outside interface of the firewall for outbound PAT.
This document should help:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml
02-17-2009 12:27 PM
Thanks Eddie - I will try this and let you know again in the morning - I am working in Germany. Getting late here :-)
02-18-2009 01:55 AM
02-18-2009 05:05 AM
So, you've got 12.12.12.1 assigned to the outside interface of your ASA?
Now all you need to do is configure a static and ACL to permit inbound access to your webserver:
static (inside,outside) 12.12.12.2 192.168.1.x netmask 255.255.255.255
access-list outside_in permit tcp any host 12.12.12.2 eq 80
access-group outside_in in interface outside
To allow outbound access from your internal clients (will use the outside IP address of the ASA for PAT) you need the following:
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
I won't go into configuring a remote access VPN here, but this document should guide you:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml#cli
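An added example, not part of the thread or of Cisco's documentation: a small Python check for the pre-8.3 style commands used in the reply above. It flags a static mapping with no inbound permit, an access-group that is malformed or binds an undefined ACL, and a nat ID with no matching global. The sample config, the 192.168.1.10/.11 hosts and the `lint_asa` name are constructed for illustration.

```python
import re

# Constructed sample (pre-8.3 ASA syntax); inside host addresses are placeholders.
SAMPLE_CONFIG = """\
static (inside,outside) 12.12.12.2 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 12.12.12.3 192.168.1.11 netmask 255.255.255.255
access-list outside_in permit tcp any host 12.12.12.2 eq 80
access-group outside_in in interface outside
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
"""

def lint_asa(config):
    """Return findings for a pre-8.3 style ASA config fragment."""
    findings, statics, acls, bound = [], [], {}, []
    nat_ids, global_ids = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        tok = line.split()
        if not tok:
            continue
        m = re.match(r"static\s*\(\w+,\w+\)\s+(\S+)\s+\S+", line)
        if m:
            statics.append(m.group(1))            # mapped (public) address
        elif tok[0] == "access-list" and len(tok) > 2:
            acls.setdefault(tok[1], []).append(tok[2:])
        elif tok[0] == "access-group":
            # Expected form: access-group <acl> in|out interface <ifname>
            if len(tok) == 5 and tok[2] in ("in", "out") and tok[3] == "interface":
                if tok[2] == "in":
                    bound.append(tok[1])
            else:
                findings.append(f"malformed access-group: {line}")
        elif tok[0] == "nat" and len(tok) > 2:
            nat_ids.add(tok[2])
        elif tok[0] == "global" and len(tok) > 2:
            global_ids.add(tok[2])
    for name in bound:
        if name not in acls:
            findings.append(f"access-group binds undefined ACL {name}")
    for ip in statics:
        # Simplification: literal address match only, no subnets or object-groups.
        if not any(e[0] == "permit" and ip in e[1:]
                   for name in bound for e in acls.get(name, [])):
            findings.append(f"static {ip} has no inbound permit in a bound ACL")
    for nid in sorted(nat_ids - global_ids - {"0"}):   # nat 0 needs no global
        findings.append(f"nat id {nid} has no matching global")
    return findings
```
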
02-18-2009 08:12 AM
Eddie,
Configured on the outside interface I have 10.250.250.5
So how do I assign the 12.12.12.1 to the same interface so that I can have the ASA accept IPSec connections to this IP?
This is what I do not understand.
02-18-2009 08:42 AM
I think your only options here would be to set up a static NAT translation on your ISP router (12.12.12.1 -> 10.250.250.5)
(Not sure if this will work with VPNs though)
OR
Reconfigure the ASA to have 12.12.12.1 assigned to the outside interface.