kevin_todd
asked on
Cisco static command
Hi Experts,
I have a question regarding our cisco asa. We typically use juniper ssg5s for small business setups, but weve had a customer requesting a cisco ASA5505, as they need a vpn tunnel between 2 sites. The vpn set up and works fine. My question is regarding the inbound access from the web into the server behind the firewall. The setup is:
Untrusted network: 10.10.10.148/30
Trusted network: 10.10.10.152/29
(its one /24 network that we subnet)
Outside interface - 10.10.10.150
Inside interface 10.10.10.153
Server on inside 10.10.10.154
Servers ILO 10.10.10.155
There is a static command to allow traffic from the outside to the Server:
Static (inside,outside) 10.10.10.154 10.10.10.154 netmask 255.255.255.255
And an access list that allows https traffic to the server. This appears to work fine...my question is, can i create another rule so we can see the servers ilo (which also uses https) or will the 2 rules clash? For example:
Static (inside,outside) 10.10.10.154 10.10.10.154 netmask 255.255.255.255
Static (inside,outside) 10.10.10.155 10.10.10.155 netmask 255.255.255.255
And then a couple of access-lists to allow the traffic.
Will this work?
I have a question regarding our cisco asa. We typically use juniper ssg5s for small business setups, but weve had a customer requesting a cisco ASA5505, as they need a vpn tunnel between 2 sites. The vpn set up and works fine. My question is regarding the inbound access from the web into the server behind the firewall. The setup is:
Untrusted network: 10.10.10.148/30
Trusted network: 10.10.10.152/29
(its one /24 network that we subnet)
Outside interface - 10.10.10.150
Inside interface 10.10.10.153
Server on inside 10.10.10.154
Servers ILO 10.10.10.155
There is a static command to allow traffic from the outside to the Server:
Static (inside,outside) 10.10.10.154 10.10.10.154 netmask 255.255.255.255
And an access list that allows https traffic to the server. This appears to work fine...my question is, can i create another rule so we can see the servers ilo (which also uses https) or will the 2 rules clash? For example:
Static (inside,outside) 10.10.10.154 10.10.10.154 netmask 255.255.255.255
Static (inside,outside) 10.10.10.155 10.10.10.155 netmask 255.255.255.255
And then a couple of access-lists to allow the traffic.
Will this work?
yes this willl work
yes this willl work
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi folks,
Thats great...thanks, i'll try these and get back to you.
Thats great...thanks, i'll try these and get back to you.