07-04-2008 12:14 AM - edited 03-11-2019 06:09 AM
Hi Guys,
I'm not the greatest on Pix/ASA firewalling. I need help with the following issue.
I have a remote site that needs to acccess one host behind an ASA. VPN is not needed here.
I would like a set of rules where i can allow any connection coming from the remote sites public ip only - in to the ip behind my ASA.
i.e.
Public IP of remote site 1.1.1.1
IP of our network 2.2.2.2
Inside interface of our ASA 192.168.1.1
Host inside out routed network 172.16.1.1
Allow all connections from 1.1.1.1 to 172.16.1.1
A bonus would be to allow ping for testing connectivity.
Thanks in advance
Stephen
Solved! Go to Solution.
07-04-2008 12:31 AM
hi,
Two things are required NAT and access-lists
the NAT configuration :
static(inside,outside) 2.2.2.2 172.16.1.1 netmask 255.255.255.255
the access-lists config :
access-list out-in extended permit ip host 1.1.1.1 host 2.2.2.2
access-group out-in in interface outside
Also check whether the server 172.16.1.1 is reachable from the ASA box.
07-04-2008 12:31 AM
hi,
Two things are required NAT and access-lists
the NAT configuration :
static(inside,outside) 2.2.2.2 172.16.1.1 netmask 255.255.255.255
the access-lists config :
access-list out-in extended permit ip host 1.1.1.1 host 2.2.2.2
access-group out-in in interface outside
Also check whether the server 172.16.1.1 is reachable from the ASA box.
07-04-2008 01:49 AM
Thanks for that. It looks nice and simple. the 172.16.1.1 is reachable from the ASA.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: