How to reach hosts with public addresses in DMZ from outside

jan.frode.sjursen · ‎06-12-2008

We are going to replace an old Linux based firewall with a Cisco ASA 5505. On the outside interface we have a 255.255.255.252 subnet (1 available address) and we have a DMZ zone with a 255.255.255.240 subnet (with official IP addresses) Usually we translate public addresses on the outside interface to private adresses in DMZ with the static command but in this case there are no address translation from outside to the DMZ. We want to do the same thing with the new firewall. Between the outside interface and the inside interface we will be using NAT/PAT. This solution work's fine with the old firewall but how can we do the same with Cisco ASA 5505? (With static or NAT exemption or something else) The person who installed the old solution can't be found.

Jon Marshall · ‎06-12-2008

Easiest thing to do is just a static translation ie.

static (DMZ,outside) 195.167.10.0 195.167.10.0 netmask 255.255.255.240

Jon

jan.frode.sjursen · ‎06-14-2008

Thanks! We have not tested it yet but i'm pretty sure this will work.

sr2525980 · ‎06-14-2008

Yup Jon is rite. Just shot it :)

Regards

- Afan