Solved

cisco ASA static route

Posted on 2015-01-16
3
132 Views
Last Modified: 2015-01-25
We have a Cisco ASA 5510 and we have an entry for our previous email server natted through it (internal IP - x.x.40.110, External x.x.121.179).  I created a new email server and I want to provide it a static NAT through it as well, internal x.x.35.130, external x.x.121.181.  I am a bit unsure of how to do it, command wise.  I am not an ASA expert but from what I can gather it looks like there are groups and then that is how the "permissions" are done.  I wasn't sure if I need to define a new object or if I can just add the new server IP to the group and then add it to the ACL.  I am really confused.  Below is our current configuration.  I just need to get a new IP to NAT through the firewall for the new server.  I do not want to modify the settings for the old server.


Current config-

the lines that related to the old server

This is from the running config-
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_1 tcp
 port-object eq https
 port-object eq smtp
access-list outside_access_in extended permit tcp any host x.x.121.179 object-group DM_INLINE_TCP_1

static (inside,outside) x.x.121.179 x.x.40.110 netmask 255.255.255.255


ciscoasa# show access-list

access-list outside_access_in line 2 extended permit tcp any host x.x.121.179 object-group DM_INLINE_TCP_1 0xabf54791

  access-list outside_access_in line 2 extended permit tcp any host x.x.121.179 eq https (hitcnt=2063101) 0x1c2099b4    

  access-list outside_access_in line 2 extended permit tcp any host   x.x.121.179 eq smtp (hitcnt=58507) 0x23ab9cfc




ciscoasa# show access-list running-config object-group

object-group protocol TCPUDP

 protocol-object udp

 protocol-object tcp

object-group service DM_INLINE_TCP_1 tcp

 port-object eq https

 port-object eq smtp



 ciscoasa#  show running-config object group protocol

object-group protocol TCPUDP

 protocol-object udp

 protocol-object tcp




ciscoasa# show running-config object-group protocol service

object-group service DM_INLINE_TCP_1 tcp

 port-object eq https

 port-object eq smtp
0
Comment
Question by:Angela Owens
  • 2
3 Comments
 

Accepted Solution

by:
Angela Owens earned 0 total points
ID: 40554249
I ran the commands and it "seems" to have worked....
0
 
LVL 77

Expert Comment

by:arnold
ID: 40554811
static (inside,outside) x.x.121.179 x.x.40.110 netmask 255.255.255.255  deals with mapping the internal IP to the external IP dealing with packet marker on the outgoing Packet's source IP. as well as mapping the outside to the inside.

The access lists are what permits the incoming entering and then passing to the final destination.
0
 

Author Closing Comment

by:Angela Owens
ID: 40569016
Running the commands I posted resolved it.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question