Solved

cisco ASA static route

Posted on 2015-01-16
3
148 Views
Last Modified: 2015-01-25
We have a Cisco ASA 5510 and we have an entry for our previous email server natted through it (internal IP - x.x.40.110, External x.x.121.179).  I created a new email server and I want to provide it a static NAT through it as well, internal x.x.35.130, external x.x.121.181.  I am a bit unsure of how to do it, command wise.  I am not an ASA expert but from what I can gather it looks like there are groups and then that is how the "permissions" are done.  I wasn't sure if I need to define a new object or if I can just add the new server IP to the group and then add it to the ACL.  I am really confused.  Below is our current configuration.  I just need to get a new IP to NAT through the firewall for the new server.  I do not want to modify the settings for the old server.


Current config-

the lines that related to the old server

This is from the running config-
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_TCP_1 tcp
 port-object eq https
 port-object eq smtp
access-list outside_access_in extended permit tcp any host x.x.121.179 object-group DM_INLINE_TCP_1

static (inside,outside) x.x.121.179 x.x.40.110 netmask 255.255.255.255


ciscoasa# show access-list

access-list outside_access_in line 2 extended permit tcp any host x.x.121.179 object-group DM_INLINE_TCP_1 0xabf54791

  access-list outside_access_in line 2 extended permit tcp any host x.x.121.179 eq https (hitcnt=2063101) 0x1c2099b4    

  access-list outside_access_in line 2 extended permit tcp any host   x.x.121.179 eq smtp (hitcnt=58507) 0x23ab9cfc




ciscoasa# show access-list running-config object-group

object-group protocol TCPUDP

 protocol-object udp

 protocol-object tcp

object-group service DM_INLINE_TCP_1 tcp

 port-object eq https

 port-object eq smtp



 ciscoasa#  show running-config object group protocol

object-group protocol TCPUDP

 protocol-object udp

 protocol-object tcp




ciscoasa# show running-config object-group protocol service

object-group service DM_INLINE_TCP_1 tcp

 port-object eq https

 port-object eq smtp
0
Comment
Question by:Angela Owens
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Accepted Solution

by:
Angela Owens earned 0 total points
ID: 40554249
I ran the commands and it "seems" to have worked....
0
 
LVL 79

Expert Comment

by:arnold
ID: 40554811
static (inside,outside) x.x.121.179 x.x.40.110 netmask 255.255.255.255  deals with mapping the internal IP to the external IP dealing with packet marker on the outgoing Packet's source IP. as well as mapping the outside to the inside.

The access lists are what permits the incoming entering and then passing to the final destination.
0
 

Author Closing Comment

by:Angela Owens
ID: 40569016
Running the commands I posted resolved it.
0

Featured Post

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question