09-16-2009 10:22 AM - edited 03-11-2019 09:16 AM
I want to put an ASA with 2 interfaces, one outside, the other a dmz interface. In the DMZ will be a server, however, the server will have a public IP address assigned to it, so not NATng will take place. How do I setup the interfaces and allow the outside to connect to it? The server has an ip in the same subnet as the static IP I will be giving the outside interface? how do I make this work, as it was my understanding that I need to put an IP on the dmz interface also, and that has to be in the same range as the server, but different subnet altogether than the outside interface?
09-16-2009 11:30 AM
If you have only 2 IP's in the same subnet, there is no possibility to get it work. The only solution is:
- assign a private IP-Range on the DMZ
- the server in the DMZ an IP from the same DMZ range
- 1:1 NAT from DMZ (server IP) to second public IP (outside)
09-16-2009 08:43 PM
yes, you assign private ip to DMZ Zone, and configure your one of the public ip outside interface, the configure static route to DMZ server to public ip. it'll work.
09-17-2009 04:41 AM
If I understand your scenario correctly, your best option would be to run the ASA in transparent mode.
This way the ASA would not have any IP addresses on either the "internet" or "DMZ" interfaces. You would probably have one on the MGT interface.
09-17-2009 05:30 AM
Hmm...not realy.
Take a look at this example:
Greets
09-18-2009 03:09 AM
In the scenario posted it was stated :-
"In the DMZ will be a server, however, the server will have a public IP address assigned to it, so not NATng will take place"
The example you point to shows a NAT of the outside address to the inside address :-
"static (dmz,outside) 192.168.200.227 172.16.31.10 netmask 255.255.255.255"
The only options available if no NATing is to take place is either to route the traffic or bridge it. As the DMZ address is intended to be on the same subnet as the outside address routing is not possible, therfore it needs to be bridged, i.e. a transparent firewall.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide