NAT/PAT problems - ASA / ASDM

We deployed an ASA 5505 to handle our network firewall/routing in our office, and have discovered that we cannot connect to services via our external address.

Example:

Connected internally to our network, we were able to get to services running internally but from our external address. When we try from a connection outside of our network, it's fine:

Our internal network connects us at 192.168.x.x, and we have servers running services that are definitely up and working (verified) when connecting internally. We need to be able to connect via our external IP from inside our network. We're using an ASA5505 with ASA 8.2, which we're managing via ASDM 6.2.

What sort of rules do we need to add to make this happen?

pulseeenergy Asked:
 
luc_roy Commented:
The first question would be: do you have multiple public IPs? If you are planning on providing more than one service and you want them to each get an IP, that can become costly.

You can static NAT an external IP to an internal one; here is an excellent tutorial:

http://blogs.techrepublic.com.com/networking/?p=264

You can also do it by port if you only have one IP and want to map your public IP to a private IP and direct them to a particular port, HTTP, FTP, etc.

The only issue with this is getting people to remember the IPs. Once you have the static NAT in place, you might want to use a service like GoDaddy to redirect a domain to your IP so people do not need to remember an IP but a relevant domain name.
 
pulseeenergy (Author) Commented:
All of our services are redirected through a single external IP (209.x.x.1), and we have rules in place to direct that traffic to various servers etc. We have a number of developers trying to ssh into one of our servers using a tunnel that's configured to connect at the external address. Additionally, they have a number of things going on that rely on that setup.



 
Pete Long (Technical Consultant) Commented:
You need to set up port forwarding: http://www.petenetlive.com/KB/Article/0000077.htm
Note: to port forward SSH, make sure you don't have any SSH access set up on the outside interface.
Issue a "show run ssh" to see.
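
The check described in the comment above, as an added example that is not part of the original thread: it scans a saved running-config for a tcp/22 port forward on an interface where the ASA also accepts management SSH. It assumes ASA 8.2-style `ssh <network> <mask> <interface>` and `static (real,mapped) tcp interface ...` lines; the sample config and its addresses are constructed, and `find_ssh_conflicts` is a hypothetical helper name.

```python
import re

# Constructed sample of an ASA 8.2 running-config (addresses are placeholders).
SAMPLE_CONFIG = """\
ssh 192.168.1.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
static (inside,outside) tcp interface ssh 192.168.1.10 ssh netmask 255.255.255.255
static (inside,outside) tcp interface www 192.168.1.20 www netmask 255.255.255.255
"""

SSH_PORTS = {"ssh", "22"}  # the ASA prints well-known ports by name
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# "ssh <network> <mask> <interface>": management SSH accepted on that interface.
# Lines such as "ssh timeout 5" do not match because they carry no addresses.
SSH_MGMT = re.compile(rf"^ssh\s+{IPV4}\s+{IPV4}\s+(\S+)\s*$")

# "static (real_if,mapped_if) tcp interface <mapped_port> <real_ip> <real_port> ..."
STATIC_PAT = re.compile(
    r"^static\s+\((\S+?),(\S+?)\)\s+(tcp|udp)\s+interface\s+(\S+)\s+(\S+)\s+(\S+)"
)


def find_ssh_conflicts(config):
    """Return (mapped_interface, real_ip, real_port) for every tcp/22 forward
    on an interface that also has management SSH enabled."""
    mgmt_ifaces = set()
    forwards = []
    for raw in config.splitlines():
        line = raw.strip()
        m = SSH_MGMT.match(line)
        if m:
            mgmt_ifaces.add(m.group(1))
            continue
        m = STATIC_PAT.match(line)
        if m and m.group(3) == "tcp" and m.group(4) in SSH_PORTS:
            forwards.append((m.group(2), m.group(5), m.group(6)))
    return [f for f in forwards if f[0] in mgmt_ifaces]


if __name__ == "__main__":
    for iface, ip, port in find_ssh_conflicts(SAMPLE_CONFIG):
        print(f"tcp/22 on '{iface}' is forwarded to {ip}:{port} "
              f"but management SSH is also enabled on '{iface}'")
```
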
 
pulseeenergy (Author) Commented:
And that would allow connectivity in that manner even if they're inside of that network?
 
luc_roy Commented:
Yes, it would. You just need to make sure you set up a forward for each port you are using.