Link to home
Create AccountLog in
Avatar of FlyingFortress
FlyingFortressFlag for United Kingdom of Great Britain and Northern Ireland

asked on

CISCO ASA 5510 - IP REDIRECT

I am configuring a CISCO ASA 5510 and need to set up a redirection.

I want to translate one of the Public IP's to an internal network device IP.

Is this a static NAT route or access list.

Thanks

ASKER CERTIFIED SOLUTION
Avatar of Mystique_87
Mystique_87

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Avatar of Jimmy Larsson, CISSP, CEH
Jimmy Larsson, CISSP, CEH
Flag of Sweden image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Mystique_87
Mystique_87

oh, I am sorry
the access-list is necessary
Avatar of FlyingFortress

ASKER

Thanks v.Much
Hi Sorry - I thought i was there but it does not seem to work

Here is the config

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 192.168.50.5 www 222.111.2.25 www netmask 255.255.255.255
static (inside,outside) tcp 192.168.50.5 https 222.111.2.25 https netmask 255.255.255.255
access-group inside_access_in in interface inside control-plane
access-group outside in interface outside

This is conecting to our remote support server

The outside address does not resolve?

I have checked the logs and get this - Deny IP Spoof



you need to turn your static around, swap the ip addresses.

static (inside,outside) tcp OUTSIDE-IP www INSIDE-IP www

/Kvistofta
Hi - Thanks

However, i still dont seem to be able to access the server through the IP....?

Here is a some more info..


object-group service DM_INLINE_SERVICE_1
 service-object ip
 service-object tcp eq www
 service-object tcp eq https
access-list inside_access_in extended permit ip any any
access-list outside extended permit object-group DM_INLINE_SERVICE_1 any host 222.111.2.25
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 222.111.2.25 www 192.168.50.5 www netmask 255.255.255.255
static (inside,outside) tcp 222.111.2.25 https 192.168.50.5 https netmask 255.255.255.255
access-group inside_access_in in interface inside control-plane
access-group outside in interface outside
Here is the log from ping requests:

2      Sep 10 2010      05:28:18      106016                              Deny IP spoof from (99.20.99.150) to 222.111.2.25 on interface outside

It is saying the destination IP address is 0 ???....

Thanks
How does your routing table look like? show route

/Kvistofta
Gateway of last resort is 99.20.99.150 to network 0.0.0.0

C    99.20.99.150 255.255.255.248 is directly connected, outside
C    192.168.50.0 255.255.255.0 is directly connected, inside
C    192.168.1.0 255.255.255.0 is directly connected, management
S*   0.0.0.0 0.0.0.0 [1/0] via 99.20.99.150, outside

I can open another question if you would like points as this is spidering into seperate issues.....
The server is saying failure to detect proxy server if that is any help.