ASA 5510, DMZ, NAT

Answered Question
Dec 10th, 2007

Hi,

I'm new to the ASA and I'm trying to set up a demo 5510 in a test environment.

There is a webserver in the DMZ that I'd like to make accessible to the inside and the outside. I have a /27 and would like to use a different IP than the interface for the webserver and I can't figure out how to get this working.

The webserver is at 172.16.0.176 and I would like to use xx.xx.184.88 to reach it from the outside. The outside interface on the ASA is xx.xx.184.90. Inside is 10.39.0.0.

Any tips?

I have this problem too.
0 votes
Correct Answer by husycisco about 8 years 11 months ago

Hi Nathan

static (DMZ,outside) xx.xx.184.88 172.16.0.176 netmask 255.255.255.255

access-list outside_access_in permit tcp any host xx.xx.184.88 eq desiredportnumberhere

For reaching from inside

static (inside,DMZ) 172.16.0.176 172.16.0.176 netmask 255.255.255.25

Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
acomiskey Mon, 12/10/2007 - 11:13

static (DMZ,outside) xx.xx.184.88 172.16.0.176 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host xx.xx.184.90 eq www

access-group outside_access_in in interface outside

Correct Answer
husycisco Mon, 12/10/2007 - 11:15

Hi Nathan

static (DMZ,outside) xx.xx.184.88 172.16.0.176 netmask 255.255.255.255

access-list outside_access_in permit tcp any host xx.xx.184.88 eq desiredportnumberhere

For reaching from inside

static (inside,DMZ) 172.16.0.176 172.16.0.176 netmask 255.255.255.25

Regards

Actions

This Discussion