01-21-2010 08:57 AM - edited 03-11-2019 09:59 AM
I have been trying to configure 2 static NAT rules to allow traffic to pass to an internal server for HTTP and RDP services.
Here is what I currently have working:
interface eth 0/0 "extranet" IP: 64.xxx.xxx.148
interface eth 0/1 "intranet" IP 10.xxx.xxx.1
WEB/RDP SERVER IP 10.xxx.xxx.13
nat-control
global (extranet) 1 interface
nat (intranet) 1 0.0.0.0 0.0.0.0
route extranet 0.0.0.0 0.0.0.0 64.xxx.xxx.145 1
access-group outside_in in interface extranet
access-list outside_in extended permit icmp any any 'for troubleshooting purposes
So far this works fine. I've added variations of access-list/static rule examples I've seen posted to try and create the routing to the internal server, but nothing seems to work.
The server in question does have access going out, and I can access the web and RDP services from internal addresses.
A little nudge in the right direction would be greatly appreciated.
01-21-2010 09:00 AM
Sorry, I should have mentioned I'm running ASA Version 8.0(4) as well.
01-21-2010 09:46 AM
Don
If you are presenting the internal web server on its own address -
static (intranet,extranet) 10.xxx.xxx.13 10.xxx.xxx.13 netmask 255.255.255.255
access-list outside_in permit tcp any host 10.xxx.xxx.13 eq http
access-list outside_in permit tcp any host 10.xxx.xxx.13 eq 3389
If you are presenting the web server on a different address, e.g. 64.xxx.xxx.150 -
static (intranet,extranet) 64.xxx.xxx.150 10.xxx.xxx.13 netmask 255.255.255.255
access-list outside_in permit tcp any host 64.xxx.xxx.150 eq http
access-list outside_in permit tcp any host 64.xxx.xxx.150 eq 3389
Jon
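An added example, not part of the thread: a small Python check that every static entry has a TCP permit to its mapped address in the ACL bound to the mapped interface, which is how the reply above pairs them on this pre-8.3 ASA syntax. The audit function, its messages and the sample addresses (documentation ranges) are constructed for illustration.

```python
import re

# Constructed sample in pre-8.3 ASA syntax; addresses are documentation placeholders.
SAMPLE = """\
static (intranet,extranet) 203.0.113.150 10.0.0.13 netmask 255.255.255.255
access-list outside_in extended permit icmp any any
access-list outside_in permit tcp any host 203.0.113.150 eq http
access-list outside_in permit tcp any host 10.0.0.13 eq 3389
access-group outside_in in interface extranet
"""

STATIC = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask \S+$")
PERMIT = re.compile(r"^access-list (\S+) (?:extended )?permit tcp any host (\S+) (\S+) (\S+)$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)$")

def audit(config):
    """Return findings for static NAT entries versus inbound ACL entries."""
    statics, permits, bound = [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            statics.append(m.groups())      # (real_if, mapped_if, mapped_ip, real_ip)
        elif m := PERMIT.match(line):
            permits.append(m.groups())      # (acl, dest_ip, operator, port)
        elif m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)  # interface -> ACL name
    findings = []
    for acl, dest, op, port in permits:
        if op != "eq":                      # catches typos such as 'eg'
            findings.append(f"{acl}: unknown operator '{op}' before port {port}")
    for real_if, mapped_if, mapped_ip, real_ip in statics:
        acl = bound.get(mapped_if)
        if acl is None:
            findings.append(f"{mapped_if}: no access-group bound, nothing permits {mapped_ip}")
            continue
        dests = {d for a, d, op, _ in permits if a == acl and op == "eq"}
        if mapped_ip not in dests:
            findings.append(f"{acl}: no tcp permit to mapped address {mapped_ip}")
        if real_ip != mapped_ip and real_ip in dests:
            findings.append(f"{acl}: permit targets real address {real_ip}; use {mapped_ip}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```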