ASA 5510 general setup questions

Unanswered Question
Oct 2nd, 2008

I am green when it comes to firewalls.

I currently have a PIX 506 and we are upgrading to an ASA 5510. It has had so many changes that I want to start fresh, so I am not really trying to view the 506 config and duplicate it.

The 5510 has ASA v 8.04. ASDM v 6.1.3

I ran through the VPN config wizard, so I think that is good. I have a general setup with internal SMTP, FTP, and an ISA server for HTTP access.

Do I need to add all my internal servers that access the internet as objects and all their associated public IPs to the network objects list?

When I NAT, say, my internal email server, do I only need one NAT rule? This will then translate both inbound and outbound email? Or do I need both inbound and outbound NAT rules?

Then my access rule would be outside from any to inside (internal SMTP server), SMTP protocol, permit.

This will then translate incoming SMTP from anywhere to the internal email server for only SMTP? This would then be the same for FTP, etc.?

Would I need an outgoing rule so only email from my mail server would be allowed to the ASA?

Marwan ALshawi Thu, 10/02/2008 - 06:41

For NATing, when you create a static NAT with two IPs, one, say, public on the outside and the other private on the inside, this will work two ways.

You need an ACL that permits traffic for that public IP on a specific port to let the traffic come in from the internet, with the source, as you said, any.

Good luck.

If helpful, rate.

brentwoodind Thu, 10/02/2008 - 06:59

Thank you for the quick response.

So I need to add all my servers and public IPs to the objects list.

And do I need the ACL for inside to out, so only the SMTP server can send email outside?
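
An added illustration, not posted by anyone in this thread, of the static NAT and the two ACLs discussed above, written in the pre-8.3 CLI syntax that ASA 8.0 uses. The addresses 203.0.113.10 (public) and 192.168.1.10 (internal mail server) and the ACL names are placeholders; the interface names `inside` and `outside` are assumed from the question.

```cisco
! Constructed example for ASA 8.0(x), pre-8.3 NAT syntax.
! All addresses and ACL names are placeholders.

! One static entry translates in both directions: inbound traffic to
! 203.0.113.10 reaches 192.168.1.10, and outbound traffic from
! 192.168.1.10 leaves with source address 203.0.113.10.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255

! Inbound: permit only SMTP from any source to the public (mapped) address.
! Everything else arriving on the outside interface hits the implicit deny.
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq smtp
access-group outside_access_in in interface outside

! Outbound: only the mail server may open SMTP connections to the internet.
access-list inside_access_in extended permit tcp host 192.168.1.10 any eq smtp
access-list inside_access_in extended deny tcp any any eq smtp log
! Once an ACL is applied to the inside interface, its implicit deny replaces
! the default "inside to outside is allowed" behaviour, so other outbound
! traffic must be permitted explicitly.
access-list inside_access_in extended permit ip any any
access-group inside_access_in in interface inside
```

`show xlate` lists the active translation, and `show access-list` shows per-line hit counts, which makes it easy to confirm which rule is matching.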
