07-09-2007 09:54 AM - edited 03-11-2019 03:42 AM
Hi all,
I have a ASA5510 with outside public IP, DMZ public network (x.x.x.64/29) and inside private (192.168.2.0/24) and I want to give access from the outside to the inside using an IP address from the DMZ.
The idea is to have a www.test.com pointing to x.x.x.65 (it's not the IP of the interface) but I don't have a server in the DMZ, I only have a server inside (192.168.2.10).
How can I do this?
Best regards for all.
Solved! Go to Solution.
07-09-2007 10:07 AM
Does this work...
static (inside,outside) x.x.x.65 192.168.2.10 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host x.x.x.65 eq www
access-group outside_access_in in interface outside
07-09-2007 10:07 AM
Does this work...
static (inside,outside) x.x.x.65 192.168.2.10 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host x.x.x.65 eq www
access-group outside_access_in in interface outside
07-09-2007 10:27 AM
My config:
interface Ethernet0/0
nameif Inside
security-level 100
ip address 192.168.2.2 255.255.255.0
!
interface Ethernet0/1
nameif DMZ
security-level 50
ip address x.x.x.70 255.255.255.248
!
interface Ethernet0/2
nameif Outside
security-level 0
ip address 192.168.10.2 255.255.255.0
!
access-list Outside_nat0_inbound extended permit ip any x.x.x.64 255.255.255.248
access-list Outside_access_in extended permit ip any host x.x.x.69
access-list DMZ_access_in extended permit ip host x.x.x.69 host 192.168.2.15
!
nat (Outside) 0 access-list Outside_nat0_inbound outside
static (Inside,DMZ) x.x.x.69 192.168.2.15 netmask 255.255.255.255
access-group Inside_access_in in interface Inside
access-group DMZ_access_in in interface DMZ
access-group Outside_access_in in interface Outside
This is the relevant config.
Regards
07-09-2007 11:14 AM
Did you try my posted suggestion above?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: