CISCO ASA 5510 - IP REDIRECT
I am configuring a CISCO ASA 5510 and need to set up a redirection.
I want to translate one of the Public IP's to an internal network device IP.
Is this a static NAT route or access list.
Thanks
I want to translate one of the Public IP's to an internal network device IP.
Is this a static NAT route or access list.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks v.Much
ASKER
Hi Sorry - I thought i was there but it does not seem to work
Here is the config
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 192.168.50.5 www 222.111.2.25 www netmask 255.255.255.255
static (inside,outside) tcp 192.168.50.5 https 222.111.2.25 https netmask 255.255.255.255
access-group inside_access_in in interface inside control-plane
access-group outside in interface outside
This is conecting to our remote support server
The outside address does not resolve?
I have checked the logs and get this - Deny IP Spoof
Here is the config
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 192.168.50.5 www 222.111.2.25 www netmask 255.255.255.255
static (inside,outside) tcp 192.168.50.5 https 222.111.2.25 https netmask 255.255.255.255
access-group inside_access_in in interface inside control-plane
access-group outside in interface outside
This is conecting to our remote support server
The outside address does not resolve?
I have checked the logs and get this - Deny IP Spoof
you need to turn your static around, swap the ip addresses.
static (inside,outside) tcp OUTSIDE-IP www INSIDE-IP www
/Kvistofta
static (inside,outside) tcp OUTSIDE-IP www INSIDE-IP www
/Kvistofta
ASKER
Hi - Thanks
However, i still dont seem to be able to access the server through the IP....?
Here is a some more info..
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object tcp eq www
service-object tcp eq https
access-list inside_access_in extended permit ip any any
access-list outside extended permit object-group DM_INLINE_SERVICE_1 any host 222.111.2.25
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 222.111.2.25 www 192.168.50.5 www netmask 255.255.255.255
static (inside,outside) tcp 222.111.2.25 https 192.168.50.5 https netmask 255.255.255.255
access-group inside_access_in in interface inside control-plane
access-group outside in interface outside
However, i still dont seem to be able to access the server through the IP....?
Here is a some more info..
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object tcp eq www
service-object tcp eq https
access-list inside_access_in extended permit ip any any
access-list outside extended permit object-group DM_INLINE_SERVICE_1 any host 222.111.2.25
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 222.111.2.25 www 192.168.50.5 www netmask 255.255.255.255
static (inside,outside) tcp 222.111.2.25 https 192.168.50.5 https netmask 255.255.255.255
access-group inside_access_in in interface inside control-plane
access-group outside in interface outside
ASKER
Here is the log from ping requests:
2 Sep 10 2010 05:28:18 106016 Deny IP spoof from (99.20.99.150) to 222.111.2.25 on interface outside
It is saying the destination IP address is 0 ???....
Thanks
2 Sep 10 2010 05:28:18 106016 Deny IP spoof from (99.20.99.150) to 222.111.2.25 on interface outside
It is saying the destination IP address is 0 ???....
Thanks
How does your routing table look like? show route
/Kvistofta
/Kvistofta
ASKER
Gateway of last resort is 99.20.99.150 to network 0.0.0.0
C 99.20.99.150 255.255.255.248 is directly connected, outside
C 192.168.50.0 255.255.255.0 is directly connected, inside
C 192.168.1.0 255.255.255.0 is directly connected, management
S* 0.0.0.0 0.0.0.0 [1/0] via 99.20.99.150, outside
I can open another question if you would like points as this is spidering into seperate issues.....
C 99.20.99.150 255.255.255.248 is directly connected, outside
C 192.168.50.0 255.255.255.0 is directly connected, inside
C 192.168.1.0 255.255.255.0 is directly connected, management
S* 0.0.0.0 0.0.0.0 [1/0] via 99.20.99.150, outside
I can open another question if you would like points as this is spidering into seperate issues.....
ASKER
The server is saying failure to detect proxy server if that is any help.
the access-list is necessary