ASA 5510 general setup questions

brentwoodind
Level 1

I am green when it comes to firewalls.

I currently have a PIX 506 and we are upgrading to an ASA 5510. It has had so many changes that I want to start fresh, so I am not really trying to view the 506 config and duplicate it.

The 5510 has ASA v 8.04. ASDM v 6.1.3

I ran through the VPN config wizard, so I think that is good. I have a general setup with internal SMTP, FTP, and an ISA server for HTTP access.

Do I need to add all my internal servers that access the internet as objects and all their associated public IPs to the network objects list?

When I NAT, say, my internal email server, do I only need one NAT rule? This will then translate both inbound and outbound email? Or do I need both inbound and outbound NAT rules?

Then my access rule would be outside from any to inside (internal SMTP server) SMTP protocol permit.

This will then translate incoming SMTP from anywhere to the internal email server for only SMTP? This would then be the same for FTP, etc.?

Would I need an outgoing rule so only email from my mail server would be allowed to the ASA?

2 Replies

Marwan ALshawi
VIP Alumni

For NATing, when you create a static NAT with two IPs, say one public on the outside and the other private on the inside, this will work two-way.

You need an ACL that permits traffic for that public IP on a specific port to let the traffic come in from the internet, with the source, as you said, any.

Good luck.

If helpful, rate.

Thank you for the quick response.

So I need to add all my servers and public IPs to the objects list.

And do I need the ACL for inside to out, so only the SMTP server can send email outside?
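
The setup discussed in this thread, as an added example in ASA 8.0 syntax that is not from either poster: one static NAT for the mail server, an inbound ACL on its public IP, and an inside ACL limiting outbound SMTP to that server. The addresses (203.0.113.25, 192.168.1.25), the ACL names and the interface names `inside`/`outside` are assumptions.

```cisco
! Constructed addresses: 192.168.1.25 = internal mail server (real IP),
! 203.0.113.25 = its public (mapped) IP. Interface names assumed: inside, outside.

! One static NAT covers both directions: inbound connections to 203.0.113.25
! reach 192.168.1.25, and the server's outbound traffic leaves as 203.0.113.25.
static (inside,outside) 203.0.113.25 192.168.1.25 netmask 255.255.255.255

! Inbound: on 8.0 the outside ACL matches the public (mapped) IP.
! Only SMTP is opened; everything else hits the implicit deny.
access-list outside_access_in extended permit tcp any host 203.0.113.25 eq smtp
access-group outside_access_in in interface outside

! Outbound: only the mail server may open SMTP to the internet.
! The inside ACL matches real (pre-NAT) source addresses.
access-list inside_access_in extended permit tcp host 192.168.1.25 any eq smtp
access-list inside_access_in extended deny tcp any any eq smtp log
! Applying an ACL to inside replaces the default permit-all from inside to
! outside, so other outbound traffic must be permitted explicitly
! (tighten this line to the services actually needed).
access-list inside_access_in extended permit ip any any
access-group inside_access_in in interface inside
```

Each additional published service, such as FTP, follows the same pattern of one static plus one permit line on the outside ACL. `show xlate` and the hit counts in `show access-list` confirm that the translation and rules are matching.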
