ASA 5505 config with public IPs inside DMZ and NAT help.


Hello there,

I have an ASA 5505 with a /29 block, configured with the normal 1-1 static mapping in my DMZ (to internal IPs).

The problem starts now that I have one server that needs to have a public IP address physically on it.

The only way I see to get this is to put the server in the outside VLAN, but when I do this I have no ACL control of the traffic that goes IN the interface??

This is where I need help: how can I give the server a public IP, yet keep it behind some ACL and firewall rules?

(As if it goes in the outside interface I need to install a firewall on the server, which makes no sense.)

Hope all this made sense to someone :).

Any ideas, let me know.

Thanks in advance and have a good one.


Yudong Wu Sun, 09/27/2009 - 22:30

If you could subnet your /29 block further, then you can use a pair of public IPs, one on the DMZ interface and the other on your server, and add a static NAT.

static (dmz,outside) Server-Pub-IP Server-Pub-IP


