Static with ACL

Jul 31st, 2008

I have one global IP address x.x.188.5 and I have two servers, 192.168.1.219 and 192.168.1.220. I want to advertise these servers over the Internet on the following: HTTPS & SSH.

How can I advertise these servers with one global IP address? Please help me out.

dhananjoy chowdhury Thu, 07/31/2008 - 09:29

Hi, if A.B.C.D is the global IP, and your servers 192.168.1.219 and 220 are in the DMZ:

static (dmz,Outside) tcp A.B.C.D 443 192.168.1.219 443

static (dmz,Outside) tcp A.B.C.D 22 192.168.1.220 22

access-list out-in permit tcp any host A.B.C.D eq 443

access-list out-in permit tcp any host A.B.C.D eq 22

access-group out-in in interface Outside
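
An added example, not part of the original answer and not Cisco tooling: a small Python audit that parses the `static` and `access-list` lines posted above and cross-checks them, listing which global IP/port pairs are actually exposed and flagging a static PAT entry with no matching permit, or a permit with no static behind it. The function name `audit`, the port-keyword table and the restriction to `permit tcp|udp any host X eq P` entries are assumptions of this example.

```python
import re

# Config lines as posted in the answer above (A.B.C.D is the page's placeholder).
CONFIG = """\
static (dmz,Outside) tcp A.B.C.D 443 192.168.1.219 443
static (dmz,Outside) tcp A.B.C.D 22 192.168.1.220 22
access-list out-in permit tcp any host A.B.C.D eq 443
access-list out-in permit tcp any host A.B.C.D eq 22
access-group out-in in interface Outside
"""
# Port keywords the firewall may print instead of numbers (partial table).
PORTS = {"https": "443", "ssh": "22", "www": "80", "smtp": "25"}
STATIC_RE = re.compile(
    r"^static\s*\((\S+?),(\S+?)\)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+"
                    r"(tcp|udp)\s+any\s+host\s+(\S+)\s+eq\s+(\S+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")

def norm(port):
    return PORTS.get(port.lower(), port)

def audit(config):
    """Return (exposed, findings) for static PAT entries and inbound permits."""
    statics, permits, bound = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, proto, gip, gport, rip, rport = m.groups()
            statics[(mapped_if.lower(), proto, gip, norm(gport))] = (rip, norm(rport))
        elif m := ACL_RE.match(line):
            name, proto, gip, port = m.groups()
            permits.setdefault(name, set()).add((proto, gip, norm(port)))
        elif m := GROUP_RE.match(line):
            bound[m.group(2).lower()] = m.group(1)   # interface -> ACL name
    exposed, findings = [], []
    for (iface, proto, gip, gport), real in sorted(statics.items()):
        if (proto, gip, gport) in permits.get(bound.get(iface), set()):
            exposed.append((proto, gip, gport) + real)
        else:
            findings.append(f"static {gip}:{gport}/{proto} has no permit on {iface}")
    for iface, acl in sorted(bound.items()):
        for proto, gip, port in sorted(permits.get(acl, set())):
            if (iface, proto, gip, port) not in statics:
                findings.append(f"{acl} permits {gip}:{port}/{proto} with no static")
    return exposed, findings

if __name__ == "__main__":
    exposed, findings = audit(CONFIG)
    for proto, gip, gport, rip, rport in exposed:
        print(f"{proto} {gip}:{gport} -> {rip}:{rport}")
    print("\n".join(findings) or "no findings")
```

Broader entries such as `permit ip host ... any` are not matched by the ACL pattern and are simply ignored here, so review those by hand.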

wasiimcisco Thu, 07/31/2008 - 12:56

Thanks for the help, but now one more problem: I have my Exchange servers 172.15.1.2, 172.15.1.3. For Internet browsing I'm doing static NAT for these two servers' web surfing. I want to only allow HTTPS, HTTP and SMTP for Internet browsing.

I tried this:

static (inside,outside) x.x.x.x access-list exg-acl

access-list exg-acl extended permit tcp host 172.15.1.2 any eq https

access-list exg-acl extended permit tcp host 172.15.1.2 any eq http

access-list exg-acl extended permit tcp host 172.15.1.2 any eq smtp

access-list exg-acl extended permit tcp host 172.15.1.3 any eq https

access-list exg-acl extended permit tcp host 172.15.1.3 any eq http

access-list exg-acl extended permit tcp host 172.15.1.3 any eq smtp

But it is not working, except when I allow the full IP with this:

access-list exg-acl extended permit ip host 172.15.1.3 any

access-list exg-acl extended permit ip host 172.15.1.2 any

Why is this so? Please let me know.