07-31-2008 08:31 AM - edited 03-11-2019 06:23 AM
i have one global ip address x.x.188.5 and I have to servers 192.168.1.219 and 192.168.1.220. I want to advertise these servers over
the Internet on the following HTTPS & SSH.
How can i advertise these servers with one global IP address. Please help me out
07-31-2008 09:29 AM
Hi, If A.B.C.D is the global IP, and your servers 192.168.1.219 and 220 are in DMZ,
static (dmz,Outside) tcp A.B.C.D 443 192.168.1.219 443
static (dmz,Outside) tcp A.B.C.D 22 192.168.1.220 22
access-list out-in permit tcp any host A.B.C.D eq 443
access-list out-in permit tcp any host A.B.C.D eq 22
access-group out-in in interface Outside
07-31-2008 12:56 PM
thanks for the help, but now one more problem, i have my exchange server 172.15.1.2, 172.15.1.3. For internet browsing i m doing static nat for these two severs web surfacing. I want to only allow https, http and smtp for Internet browsing.
i tried this
static(inside,outside) x.x.x.x acccess-list exg-acl
access-list exg-acl extended permit tcp host 172.15.1.2 any eq https
access-list exg-acl extended permit tcp host 172.15.1.2 any eq http
access-list exg-acl extended permit tcp host 172.15.1.2 any eq smtp
access-list exg-acl extended permit tcp host 172.15.1.3 any eq https
access-list exg-acl extended permit tcp host 172.15.1.3 any eq http
access-list exg-acl extended permit tcp host 172.15.1.3 any eq smtp
but it is not working only when i allow the full ip by this
access-list exg-acl extended permit ip host 172.15.1.3 any
access-list exg-acl extended permit ip host 172.15.1.2 any
why it is so. Please let me know
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: