Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

cisco ASA static route

Posted on 2015-01-16
3
Medium Priority
?
153 Views
Last Modified: 2015-01-25
We have a Cisco ASA 5510 and we have an entry for our previous email server natted through it (internal IP - x.x.40.110, External x.x.121.179).  I created a new email server and I want to provide it a static NAT through it as well, internal x.x.35.130, external x.x.121.181.  I am a bit unsure of how to do it, command wise.  I am not an ASA expert but from what I can gather it looks like there are groups and then that is how the "permissions" are done.  I wasn't sure if I need to define a new object or if I can just add the new server IP to the group and then add it to the ACL.  I am really confused.  Below is our current configuration.  I just need to get a new IP to NAT through the firewall for the new server.  I do not want to modify the settings for the old server.


Current config-

the lines that related to the old server

This is from the running config-
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_1 tcp
 port-object eq https
 port-object eq smtp
access-list outside_access_in extended permit tcp any host x.x.121.179 object-group DM_INLINE_TCP_1

static (inside,outside) x.x.121.179 x.x.40.110 netmask 255.255.255.255


ciscoasa# show access-list

access-list outside_access_in line 2 extended permit tcp any host x.x.121.179 object-group DM_INLINE_TCP_1 0xabf54791

  access-list outside_access_in line 2 extended permit tcp any host x.x.121.179 eq https (hitcnt=2063101) 0x1c2099b4    

  access-list outside_access_in line 2 extended permit tcp any host   x.x.121.179 eq smtp (hitcnt=58507) 0x23ab9cfc




ciscoasa# show access-list running-config object-group

object-group protocol TCPUDP

 protocol-object udp

 protocol-object tcp

object-group service DM_INLINE_TCP_1 tcp

 port-object eq https

 port-object eq smtp



 ciscoasa#  show running-config object group protocol

object-group protocol TCPUDP

 protocol-object udp

 protocol-object tcp




ciscoasa# show running-config object-group protocol service

object-group service DM_INLINE_TCP_1 tcp

 port-object eq https

 port-object eq smtp
0
Comment
Question by:Angela Owens
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Accepted Solution

by:
Angela Owens earned 0 total points
ID: 40554249
I ran the commands and it "seems" to have worked....
0
 
LVL 79

Expert Comment

by:arnold
ID: 40554811
static (inside,outside) x.x.121.179 x.x.40.110 netmask 255.255.255.255  deals with mapping the internal IP to the external IP dealing with packet marker on the outgoing Packet's source IP. as well as mapping the outside to the inside.

The access lists are what permits the incoming entering and then passing to the final destination.
0
 

Author Closing Comment

by:Angela Owens
ID: 40569016
Running the commands I posted resolved it.
0

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
In this article, we’ll look at how to deploy ProxySQL.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question