ASA with public DMZ

Unanswered Question
Mar 27th, 2007
User Badges:

I'm installing an ASA 5505. I have public IPs for both the DMZ and the outside interface. Do I still need to set up some sort of address translation through the ASA or will it automatically go through to the DMZ? For example, if someone on the internet wants to get to the webserver in my DMZ, it already has a public address, do I need to do anything special on the ASA to direct it there?


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sundar.palaniappan Tue, 03/27/2007 - 17:48
User Badges:
  • Green, 3000 points or more

Yes, you still need a static translation for the outside users to access the server on the DMZ.You can use the actual web server address in the (dmz, outside) translation. You also need to apply access list on the outside interface, assuming it has lower security than DMZ, to allow access to the web server.


Here's an example that you may find helpful;


http://www.cisco.com/en/US/products/ps6120/products_getting_started_guide_chapter09186a00805e2922.html


HTH


Sundar

Actions

This Discussion