
Static with ACL

wasiimcisco
Level 1

I have one global IP address x.x.188.5 and I have two servers, 192.168.1.219 and 192.168.1.220. I want to advertise these servers over the Internet on the following: HTTPS & SSH.

How can I advertise these servers with one global IP address? Please help me out.


Hi, if A.B.C.D is the global IP, and your servers 192.168.1.219 and 220 are in the DMZ:

static (dmz,Outside) tcp A.B.C.D 443 192.168.1.219 443

static (dmz,Outside) tcp A.B.C.D 22 192.168.1.220 22

access-list out-in permit tcp any host A.B.C.D eq 443

access-list out-in permit tcp any host A.B.C.D eq 22

access-group out-in in interface Outside

Thanks for the help, but now one more problem: I have my Exchange servers 172.15.1.2 and 172.15.1.3. For Internet browsing I am doing static NAT for these two servers' web surfing. I want to only allow HTTPS, HTTP and SMTP for Internet browsing.

I tried this:

static (inside,outside) x.x.x.x access-list exg-acl

access-list exg-acl extended permit tcp host 172.15.1.2 any eq https

access-list exg-acl extended permit tcp host 172.15.1.2 any eq http

access-list exg-acl extended permit tcp host 172.15.1.2 any eq smtp

access-list exg-acl extended permit tcp host 172.15.1.3 any eq https

access-list exg-acl extended permit tcp host 172.15.1.3 any eq http

access-list exg-acl extended permit tcp host 172.15.1.3 any eq smtp

But it is not working, only when I allow the full IP by this:

access-list exg-acl extended permit ip host 172.15.1.3 any

access-list exg-acl extended permit ip host 172.15.1.2 any

Why is it so? Please let me know.