Maybe a dumb question. One of my clients is planning on creating RDP access to a few servers sitting on the 'Inside' of an ASA5510. The client requested ISP /24 public address space and was provided with 126.96.36.199/24 (IPs changed). Also, the ISP provided the client with the ASA outside i/f IP: 188.8.131.52/30 and the default gateway for the ASA (ISP's modem) as 184.108.40.206/30.
So what is the best way to use the ISP-assigned public IPs to provide RDP access to servers inside? Can I assign 220.127.116.11/24 to the ASA inside and create 'NO NAT' to access the internet and also RDP?
Or, I was originally thinking about having NAT with a pvt IP scheme internally (was not aware of the public IP space requested). So is there any way, using the same pvt IP space and the assigned /24 IP addresses, to create Internet/RDP access?
Any help with config links is appreciated.
"I was originally thinking about having NAT with pvt ip scheme internally (was not aware of public ip space requested). So is there any way using same pvt ip space and assigned /24 ip addresses to create Internet/RDP access?"
Absolutely possible, and best to do it as you have thought it out.
If I understand correctly (please correct me otherwise!):
1- You have an ASA5510, outside interface with public IP 18.104.22.168/30
2- ISP router with IP 22.214.171.124/30
3- ISP gives the client 254 public IP addresses for client use on a different range, 126.96.36.199/24
You may well do the following if you do not have an inside interface IP configured.
1- The ASA5510 inside can be any IP subnet from any of the private reserved ranges. For your inside interface you could use any of the private ranges below.
i-10.0.0.0 through 10.255.255.255
ii-172.16.0.0 through 172.31.255.255
iii-192.168.0.0 through 192.168.255.255
Assume you have 172.16.1.1/24 for the inside interface,
so you have:
ASA5510 outside interface IP: 188.8.131.52/30
ASA5510 inside interface IP : 172.16.1.1/24
For your new ISP-provided public IP range, simply create your one-to-one NAT translations in the ASA5510 using the new IP addresses from the ISP. Note that the ISP must route the new public IP address space back to your ASA5510 outside interface; I'm sure they know that.
As said, simply create your static NAT using the new public IP address; you may also create global NAT pools if needed.
e.g. RDP access from outside using public IP 184.108.40.206 NATed to the inside host PC 172.16.1.50:
static (inside,outside) 220.127.116.11 172.16.1.50 netmask 255.255.255.255 0 0
access-list outside_access_in permit tcp any host 18.104.22.168 eq 3389
access-group outside_access_in in interface outside
e.g. for creating additional global pools using the new IP range (PAT):
global (outside) 2 22.214.171.124-126.96.36.199
global (outside) 2 188.8.131.52
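
An added example, not part of either post: a small Python check that reads a pre-8.3 ASA configuration of the shape shown above and reports static-NATed hosts whose tcp/3389 rule allows source `any` on an ACL that is actually applied inbound on the outside interface. The function name, the sample configuration and its addresses are constructed for illustration, and it assumes the pre-8.3 convention that the ACL names the mapped (public) address.

```python
import re

# Constructed sample in the pre-8.3 ASA syntax used in the answer above.
# Addresses are RFC 5737 documentation ranges, not the thread's values.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.50 172.16.1.50 netmask 255.255.255.255
static (inside,outside) 203.0.113.51 172.16.1.51 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 203.0.113.50 eq 3389
access-list outside_access_in permit tcp 198.51.100.0 255.255.255.0 host 203.0.113.51 eq 3389
access-list unused_acl permit tcp any host 203.0.113.51 eq 3389
access-group outside_access_in in interface outside
"""

STATIC_RE = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask 255\.255\.255\.255")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit tcp "
                    r"(any|host \S+|\S+ \S+) host (\S+) eq (\S+)")

def audit_rdp_exposure(config, outside_if="outside", port="3389"):
    """Find static-NATed hosts whose RDP port is permitted from 'any'."""
    lines = [line.strip() for line in config.splitlines()]
    statics = {}        # mapped (public) address -> real (inside) address
    bound_acls = set()  # ACLs applied inbound on the outside interface
    for line in lines:
        m = STATIC_RE.match(line)
        if m and m.group(2) == outside_if:
            statics[m.group(3)] = m.group(4)
        m = GROUP_RE.match(line)
        if m and m.group(2) == outside_if:
            bound_acls.add(m.group(1))
    findings = []
    for line in lines:
        m = ACL_RE.match(line)
        if not m:
            continue
        acl, src, dst, dport = m.groups()
        # Only rules that are applied, unrestricted by source, and hit a static
        if acl in bound_acls and src == "any" and dport == port and dst in statics:
            findings.append({"acl": acl, "public": dst, "inside": statics[dst]})
    return findings

if __name__ == "__main__":
    for f in audit_rdp_exposure(SAMPLE_CONFIG):
        print("RDP open to any: %(public)s -> %(inside)s via %(acl)s" % f)
```

On the sample, only the first static is reported: the second host's rule is limited to a source network, and `unused_acl` is never bound with `access-group`.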