cisco ASA static route

Posted on 2015-01-16
Last Modified: 2015-01-25
We have a Cisco ASA 5510 and we have an entry for our previous email server natted through it (internal IP - x.x.40.110, External x.x.121.179).  I created a new email server and I want to provide it a static NAT through it as well, internal x.x.35.130, external x.x.121.181.  I am a bit unsure of how to do it, command wise.  I am not an ASA expert but from what I can gather it looks like there are groups and then that is how the "permissions" are done.  I wasn't sure if I need to define a new object or if I can just add the new server IP to the group and then add it to the ACL.  I am really confused.  Below is our current configuration.  I just need to get a new IP to NAT through the firewall for the new server.  I do not want to modify the settings for the old server.


Current config-

The lines that relate to the old server:

This is from the running config-
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_1 tcp
 port-object eq https
 port-object eq smtp
access-list outside_access_in extended permit tcp any host x.x.121.179 object-group DM_INLINE_TCP_1

static (inside,outside) x.x.121.179 x.x.40.110 netmask 255.255.255.255


ciscoasa# show access-list
access-list outside_access_in line 2 extended permit tcp any host x.x.121.179 object-group DM_INLINE_TCP_1 0xabf54791
  access-list outside_access_in line 2 extended permit tcp any host x.x.121.179 eq https (hitcnt=2063101) 0x1c2099b4
  access-list outside_access_in line 2 extended permit tcp any host x.x.121.179 eq smtp (hitcnt=58507) 0x23ab9cfc

ciscoasa# show access-list running-config object-group
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_1 tcp
 port-object eq https
 port-object eq smtp

ciscoasa# show running-config object group protocol
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp

ciscoasa# show running-config object-group protocol service
object-group service DM_INLINE_TCP_1 tcp
 port-object eq https
 port-object eq smtp
Question by:Angela Owens

Accepted Solution

by:
Angela Owens earned 0 total points
ID: 40554249
I ran the commands and it "seems" to have worked....

Expert Comment

by:arnold
ID: 40554811
static (inside,outside) x.x.121.179 x.x.40.110 netmask 255.255.255.255 deals with mapping the internal IP to the external IP, dealing with the packet marker on the outgoing packet's source IP, as well as mapping the outside to the inside.

The access lists are what permit the incoming entering and then passing to the final destination.

Author Closing Comment

by:Angela Owens
ID: 40569016
Running the commands I posted resolved it.
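
The commands the poster ran are not shown on this page. As an added example (not the poster's commands and not part of the thread), this is one way to publish the new server with the pre-8.3 `static` syntax the running config in the question already uses, reusing the existing port group so the old server's lines stay untouched. It assumes `outside_access_in` is bound to the outside interface with `access-group`, which the page does not show; `198.51.100.10` is a constructed test source, and `x.x` stands for the octets the poster masked.

```cisco
! Existing lines for the old server (from the question), left unchanged:
!   static (inside,outside) x.x.121.179 x.x.40.110 netmask 255.255.255.255
!   access-list outside_access_in extended permit tcp any host x.x.121.179 object-group DM_INLINE_TCP_1
!
configure terminal
!
! 1. One-to-one static NAT for the new server.
!    Order is mapped (outside) address first, real (inside) address second.
static (inside,outside) x.x.121.181 x.x.35.130 netmask 255.255.255.255
!
! 2. Permit only the mail ports to the new mapped address.
!    DM_INLINE_TCP_1 is just a list of ports (https, smtp), so it can be
!    referenced by a second ACE; no new object-group is required.
!    Without a line number the entry is appended to the end of the ACL.
access-list outside_access_in extended permit tcp any host x.x.121.181 object-group DM_INLINE_TCP_1
!
end
!
! 3. Confirm both statics and both ACEs are present.
show running-config static
show access-list outside_access_in
!
! 4. Simulate inbound flows; both should end with "Action: allow"
!    and show the un-translate to x.x.35.130.
packet-tracer input outside tcp 198.51.100.10 12345 x.x.121.181 25
packet-tracer input outside tcp 198.51.100.10 12345 x.x.121.181 443
!
! 5. Negative check: a port that is not in the group should be dropped
!    by the access list, proving the NAT did not expose the whole host.
packet-tracer input outside tcp 198.51.100.10 12345 x.x.121.181 3389
!
! 6. Save once the checks pass.
write memory
```

Because both ACEs share `DM_INLINE_TCP_1`, adding or removing a port in that group changes exposure for both servers; create a separate service group for the new host if the two should diverge.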