10-03-2009 11:43 AM - edited 03-11-2019 09:22 AM
Hi,
I have one public Ip address and wants to nat with one DMZ address and one insdie address
DMZ address for smtp ( anyone from outside should be able to connect to smtp server)
Inside address for http ( anyone from internet should be able to access web-server )
Is this possible.
Solved! Go to Solution.
10-04-2009 08:50 AM
"Can I do the same without using ASA external (Outside) IP.
Assuming I have one free public IP."
Yes, as long as the public IP address has been assigned to your company.
The static statements would change slightly ie.
assuming free public IP - 195.17.17.10
static (inside,outside) tcp 195.17.17.10 80 web-server-ip 80 netmask 255.255.255.255
static (dmz,outside) tcp 195.17.17.10 25 mail-server-ip 25 netmask 255.255.255.25
"Is similar scenario documented on cisco documentation. Any Help."
Pretty much any docs on ASA configuration will include this so a quick search "ASA configuration guides" would give you a list of docs to use.
Jon
10-03-2009 01:33 PM
Certainly,
If your public address is the one assigned to your outside interface, this is how its done.
static (inside,outside) tcp interface 80 web-server-ip 80 netmask 255.255.255.255
static (dmz,outside) tcp interface 25 mail-server-ip 25 netmask 255.255.255.255
10-03-2009 10:14 PM
Also, in addition to the static NAT statements, you will have to allow TCP port 80 and port 25 on your OUTSIDE interface Access-List.
10-04-2009 08:39 AM
Can I do the same without using ASA external (Outside) IP.
Assuming I have one free public IP.
Is similar scenario documented on cisco documentation. Any Help.
10-04-2009 08:50 AM
"Can I do the same without using ASA external (Outside) IP.
Assuming I have one free public IP."
Yes, as long as the public IP address has been assigned to your company.
The static statements would change slightly ie.
assuming free public IP - 195.17.17.10
static (inside,outside) tcp 195.17.17.10 80 web-server-ip 80 netmask 255.255.255.255
static (dmz,outside) tcp 195.17.17.10 25 mail-server-ip 25 netmask 255.255.255.25
"Is similar scenario documented on cisco documentation. Any Help."
Pretty much any docs on ASA configuration will include this so a quick search "ASA configuration guides" would give you a list of docs to use.
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: