bts86


Cisco ASA configuration

I have a Cisco ASA 5505.

Setup right now is pretty basic. 1 WAN connection, 2 inside VLANs, PAT on everything. No ports open on firewall.

My developers have a server that they want to access via the internet. How do I use one of my other public IPs (have block of 5, currently using 1) to translate to the internal address of that one server?

Prefer ASDM instructions, my Cisco CLI is a little rusty.
asavener

"Access via the Internet" is very vague.  Is this a web server they want to publish, or what?

The basic steps are:  
1.  Create a NAT rule that translates the public IP to the private IP (possibly with port restrictions)
2.  Modify your inbound access list to allow the traffic.
ASKER CERTIFIED SOLUTION
Sandy
bts86

ASKER

They actually want it fully exposed. They said they will secure the server themselves. So, the ACL will allow all IP for that public IP.

I just find the "new static nat rule" box a little confusing as to which IP/interface needs to go in which box.

I attached a screenshot.

Tried this way but doesn't seem to work:
Under original, the interface is outside and source is the outside IP.
Under translated is the inside interface and the internal IP.
Created rule on outside interface allow all IP to the server's internal IP (or should it be the external?)
Capture.PNG
SOLUTION
bts86

ASKER

It works. Thanks, I had it backwards.
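The two steps from asavener's reply, and the question of which address the outside ACL should reference, as an added example that is not part of the original thread. The thread does not state the ASA software version, so both syntaxes are shown; the addresses (203.0.113.10 public, 192.168.10.50 internal), the object name DEV-SERVER, the ACL name outside_access_in and the TCP/443 restriction are constructed placeholders, while the interface names inside and outside come from the thread.

```cisco
! ---- ASA 8.2 and earlier ---------------------------------------------
! Step 1: one-to-one static NAT.
! Syntax order: (real_ifc,mapped_ifc) mapped_ip real_ip
! i.e. the server's real address lives on "inside"; the public address
! it is presented as lives on "outside".
static (inside,outside) 203.0.113.10 192.168.10.50 netmask 255.255.255.255

! Step 2: inbound ACL on the outside interface.
! On 8.2 and earlier the ACL is matched against the MAPPED (public) address.
! Port restriction shown (constructed: HTTPS only) rather than "permit ip any".
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq 443
access-group outside_access_in in interface outside

! ---- ASA 8.3 and later -----------------------------------------------
! Step 1: object NAT. The object holds the REAL (internal) address and the
! nat line maps it to the public address.
object network DEV-SERVER
 host 192.168.10.50
 nat (inside,outside) static 203.0.113.10

! Step 2: inbound ACL on the outside interface.
! From 8.3 onward the ACL is matched against the REAL (internal) address.
access-list outside_access_in extended permit tcp any object DEV-SERVER eq 443
access-group outside_access_in in interface outside

! ---- Verify (either version) -----------------------------------------
! show xlate            confirms the static translation is installed
! show access-list outside_access_in    hit counters show matched traffic
! packet-tracer input outside tcp 198.51.100.7 12345 203.0.113.10 443
!                       simulates an inbound connection and reports which
!                       NAT rule and ACL entry it hits (source is constructed)
```

In the older ASDM static NAT dialog the same mapping applies: the Original side takes the inside interface and the server's internal address, and the Translated side takes the outside interface and the public address.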