ASA Firewall and NAT rules

Answered Question
Jul 4th, 2008

Hi Guys,


I'm not the greatest on Pix/ASA firewalling. I need help with the following issue.


I have a remote site that needs to access one host behind an ASA. VPN is not needed here.

I would like a set of rules where I can allow any connection coming from the remote site's public IP only - in to the IP behind my ASA.


i.e.

Public IP of remote site 1.1.1.1

IP of our network 2.2.2.2

Inside interface of our ASA 192.168.1.1

Host inside our routed network 172.16.1.1


Allow all connections from 1.1.1.1 to 172.16.1.1

A bonus would be to allow ping for testing connectivity.


Thanks in advance


Stephen


Correct Answer by dhananjoy chowdhury about 8 years 10 months ago

Hi,

Two things are required: NAT and access-lists.


The NAT configuration:

static (inside,outside) 2.2.2.2 172.16.1.1 netmask 255.255.255.255


The access-list config:

access-list out-in extended permit ip host 1.1.1.1 host 2.2.2.2

access-group out-in in interface outside


Also check whether the server 172.16.1.1 is reachable from the ASA box.



dhananjoy chowdhury Fri, 07/04/2008 - 00:31
stephen.stack Fri, 07/04/2008 - 01:49

Thanks for that. It looks nice and simple. The 172.16.1.1 is reachable from the ASA.
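
The accepted answer's configuration, as an added example that is not part of the thread, shown beside its equivalent for ASA software 8.3 and later, where static NAT moves into a network object and the interface ACL must match the real address 172.16.1.1 instead of the mapped 2.2.2.2. The object name inside-host and the second test source 3.3.3.3 are made up for illustration.

```cisco
! Added example. The 8.3+ variant, the object name and the address
! 3.3.3.3 are assumptions for illustration, not taken from the thread.
!
! --- ASA 8.2 and earlier (the syntax used in the answer) ---
static (inside,outside) 2.2.2.2 172.16.1.1 netmask 255.255.255.255
access-list out-in extended permit ip host 1.1.1.1 host 2.2.2.2
access-group out-in in interface outside
!
! --- ASA 8.3 and later ---
! NAT is defined on a network object, and the ACL is evaluated
! against the real (post-translation) destination address.
object network inside-host
 host 172.16.1.1
 nat (inside,outside) static 2.2.2.2
access-list out-in extended permit ip host 1.1.1.1 host 172.16.1.1
access-group out-in in interface outside
!
! --- Verification, either version (privileged EXEC) ---
! Simulated echo request from the remote site to the public address.
! The final result should read "Action: allow".
packet-tracer input outside icmp 1.1.1.1 8 0 2.2.2.2
!
! Same packet from any other source. It should be dropped by the
! implicit deny at the end of out-in, confirming only 1.1.1.1 gets in.
packet-tracer input outside icmp 3.3.3.3 8 0 2.2.2.2
!
! Confirm the static translation exists and watch the hit count on
! the permit entry while the remote site tests.
show xlate
show access-list out-in
```

Because the entry is `permit ip`, it already covers the ping the question asks for along with every TCP and UDP port on the host; the only restriction is the source address 1.1.1.1.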

