aromeo409
asked on
External IP Address Configuration
I currently have an SBS Server connected to the Internet via a ASA 5505 and I want to connect a website on an additional Windows 2003 server on my network. My SBS Server is connected to the current interface. I some assistence in configuring an additional Public IP Address for my CISCO ASA 5505. I would like to configure an additional outside interface. I currently have 5 public IP addresses assigned by my ISP. The current outside interface is 216.178.X.1 and I would like to add an additional IP Address 216.178.X .2to my outside interface so I can connect the additional website from my second Windows 2003 server.
Thanks!
Thanks!
ASKER
Thanks, I'll give it a shot.
ASKER
Execuse my ignorance, but to what access list do I this to?
are you doing this from asdm or terminal?
if you're on a terminal, do 'sh run | grep access-group'
this will output something like
access-group outside_access_in in interface outside
this means that the access list named 'outside_access_in' is applied to traffic inbound to the interface outside (coming in from internet)
look for the one that is on interface outside.
then, run 'sh access-list '
this will show you the actual access-list, line by line. determine where is the best place to put the rule. (before the deny rules) If in doubt, it will be ok at rule 1
then, do the following
conf t
access-list line <#> permit tcp any host 216.178.x.2 eq www
static (inside,outside) 216.178.x.2 192.168.1.2 netmask 255.255.255.255
end
if you're doing this in asdm, i'll need to know which version of asdm you're doing it in to walk you through the easiest, but basically, goto the firewall configuration page, access-lists, and look for the outside interface. Add a line and put the same information in. (source any, dest 216.178.x.2, port tcp:80, permit)
then goto the NAT/translation page, and create a new static entry. (the logic may seem backwards) inside source = 192.168.x.2, translated = outside and 216.178.x.2.
if you're on a terminal, do 'sh run | grep access-group'
this will output something like
access-group outside_access_in in interface outside
this means that the access list named 'outside_access_in' is applied to traffic inbound to the interface outside (coming in from internet)
look for the one that is on interface outside.
then, run 'sh access-list '
this will show you the actual access-list, line by line. determine where is the best place to put the rule. (before the deny rules) If in doubt, it will be ok at rule 1
then, do the following
conf t
access-list line <#> permit tcp any host 216.178.x.2 eq www
static (inside,outside) 216.178.x.2 192.168.1.2 netmask 255.255.255.255
end
if you're doing this in asdm, i'll need to know which version of asdm you're doing it in to walk you through the easiest, but basically, goto the firewall configuration page, access-lists, and look for the outside interface. Add a line and put the same information in. (source any, dest 216.178.x.2, port tcp:80, permit)
then goto the NAT/translation page, and create a new static entry. (the logic may seem backwards) inside source = 192.168.x.2, translated = outside and 216.178.x.2.
ASKER
I'm doing this fro the ADSM v1.5(20). Thanks!
asdm 1.5(20) ??? do you mean 5.01? That's the oldest version out for the asa.
Let me know if you need more help.
Let me know if you need more help.
ASKER
I'm sorry it's 5.2
did you get this working yet?
ASKER
I haven't made the change yet. I'm waiting for the Web Developer to finish his coding and I will flip the switch. I looked the in the ADSM and I din't see a firewall configuration page. It is some where else?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks. That works great....
ASKER
Thanks!
(assuming 192.168.1.2 is the IP address of your second internal server)
static (inside,outside) 216.178.x.2 192.168.1.2 netmask 255.255.255.255
then you modify the access list, which will look something like this (depending on your current access-list)
access-list outside_access_in line 2 permit tcp any host 216.178.x.2 eq www