Static with ACL

Unanswered Question
Jul 31st, 2008

I have one global IP address x.x.188.5 and I have two servers, 192.168.1.219 and 192.168.1.220. I want to advertise these servers over the Internet on the following: HTTPS & SSH.



How can I advertise these servers with one global IP address? Please help me out.



dhananjoy chowdhury Thu, 07/31/2008 - 09:29

Hi, if A.B.C.D is the global IP, and your servers 192.168.1.219 and 220 are in the DMZ:


static (dmz,Outside) tcp A.B.C.D 443 192.168.1.219 443

static (dmz,Outside) tcp A.B.C.D 22 192.168.1.220 22


access-list out-in permit tcp any host A.B.C.D eq 443

access-list out-in permit tcp any host A.B.C.D eq 22


access-group out-in in interface Outside
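
A consistency check for the configuration in the answer above, added here as an example and not part of the original post: it pairs each `static` port redirect with the ACL bound inbound on the mapped interface, so a redirect with no permit (unreachable) or a permit with no redirect (unneeded exposure) stands out. The port 80 line in the sample and the name `audit` are constructed for illustration.

```python
import re

# Constructed sample: the answer's configuration plus one extra ACL line
# (port 80, added here) so the audit has something to flag.
SAMPLE_CONFIG = """\
static (dmz,Outside) tcp A.B.C.D 443 192.168.1.219 443
static (dmz,Outside) tcp A.B.C.D 22 192.168.1.220 22
access-list out-in permit tcp any host A.B.C.D eq 443
access-list out-in permit tcp any host A.B.C.D eq 22
access-list out-in permit tcp any host A.B.C.D eq 80
access-group out-in in interface Outside
"""

# ASA shows some ports by keyword; normalise the ones this thread uses.
PORT_NAMES = {"https": "443", "ssh": "22", "www": "80", "smtp": "25"}

STATIC_RE = re.compile(
    r"^static \((\S+),(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)(?:\s.*)?$")
ACL_RE = re.compile(
    r"^access-list (\S+)(?: extended)? permit (tcp|udp) any host (\S+) eq (\S+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")


def audit(config):
    """Compare static PAT entries with ACLs applied inbound on the mapped interface."""
    statics, permits, bound = set(), set(), {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, proto, gip, gport, _rip, _rport = m.groups()
            statics.add((mapped_if, proto, gip, PORT_NAMES.get(gport, gport)))
        elif m := ACL_RE.match(line):
            acl, proto, ip, port = m.groups()
            permits.add((acl, proto, ip, PORT_NAMES.get(port, port)))
        elif m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)  # ACL name -> interface
    # Only ACLs attached with access-group actually open anything.
    opened = {(bound[a], p, ip, port) for a, p, ip, port in permits if a in bound}
    return {
        "reachable": sorted(statics & opened),
        "blocked": sorted(statics - opened),
        "permit_without_static": sorted(opened - statics),
    }


if __name__ == "__main__":
    for finding, entries in audit(SAMPLE_CONFIG).items():
        print(finding, entries)
```

Only `permit tcp|udp any host <ip> eq <port>` entries are parsed; other ACL forms are ignored by this sketch.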

wasiimcisco Thu, 07/31/2008 - 12:56

Thanks for the help, but now one more problem: I have my Exchange servers 172.15.1.2 and 172.15.1.3. For Internet browsing I'm doing static NAT for these two servers' web surfing. I want to only allow HTTPS, HTTP and SMTP for Internet browsing.


I tried this:


static (inside,outside) x.x.x.x access-list exg-acl


access-list exg-acl extended permit tcp host 172.15.1.2 any eq https

access-list exg-acl extended permit tcp host 172.15.1.2 any eq http

access-list exg-acl extended permit tcp host 172.15.1.2 any eq smtp


access-list exg-acl extended permit tcp host 172.15.1.3 any eq https

access-list exg-acl extended permit tcp host 172.15.1.3 any eq http

access-list exg-acl extended permit tcp host 172.15.1.3 any eq smtp


But it is not working, only when I allow the full IP by this:



access-list exg-acl extended permit ip host 172.15.1.3 any

access-list exg-acl extended permit ip host 172.15.1.2 any


Why is it so? Please let me know.



