I have just bought an ASA 5510 and am trying to configure it, but it is not working the way I expect.
I have several internal servers which need to be accessed from the web. If I create a NAT entry for each, and a corresponding access rule, the servers cannot be accessed. If, however, I add the servers in the 'Public Servers' section, it automatically adds the appropriate NAT and Access rule, and it works. My first question is why is this so? Surely adding the NAT and Access rule should work?
Secondly, although it works by adding the servers via Public folders, it only does so by assigning a different public IP for each internal server. I want to assign different ports from one external IP to different internal servers to conserve IPs, but it will not let me do this: adding a server in Public server assigns an IP to that internal server, even though I specify, for example, only smtp as the service. If I try to add another Public server, say http, to another internal machine, it says the external address overlaps with another in use. This can be done by configuring NAT and Access Rule directly, but this doesn't work. I can only access my servers by doing it via Public Servers. Is this by design, or am I doing something wrong?
Yes, but before attempting the upgrade to 8.3 you need to consider that the NAT configuration changed completely, the entire configuration is more object-group oriented than before, etc. You need extra memory also.
Please review this information prior to going to 8.3:
Migration guide to 8.3
Yes, you're right.
On the ACLs, the outside (public) IP address needs to be defined.
If you define the private IP on the ACL (for incoming traffic) it will not work because the only IP visible to the Internet is the outside IP.
Actually, just as a side note, this is a new improvement in version 8.3.
Using 8.3 you can define the private real address on the incoming ACL, so that if you need to change the public IP, you don't need to modify the ACL each time.
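The difference described in the replies above, shown as an added configuration example that is not from any poster in this thread. The addresses are constructed documentation values (203.0.113.10 as the single outside IP, 192.168.1.10 and 192.168.1.20 as the internal servers), and the ACL name outside_in and the object names are hypothetical. Both variants publish two internal servers on different ports of one public IP and permit only those two ports inbound.

```cisco
! ---- Before 8.3: static PAT, inbound ACL matches the PUBLIC (translated) IP ----
! One outside address, two ports, two different internal servers.
static (inside,outside) tcp 203.0.113.10 smtp 192.168.1.10 smtp netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 www 192.168.1.20 www netmask 255.255.255.255
!
! The ACL is checked before the address is un-translated, so the destination
! must be the outside IP. An entry naming 192.168.1.10 here would never match.
access-list outside_in extended permit tcp any host 203.0.113.10 eq smtp
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
!
! ---- 8.3 and later: object NAT, inbound ACL matches the REAL (private) IP ----
object network SRV-MAIL
 host 192.168.1.10
 nat (inside,outside) static 203.0.113.10 service tcp smtp smtp
object network SRV-WEB
 host 192.168.1.20
 nat (inside,outside) static 203.0.113.10 service tcp www www
!
! The ACL now names the real server addresses, so changing the public IP
! only touches the nat statements, not the access rules.
access-list outside_in extended permit tcp any host 192.168.1.10 eq smtp
access-list outside_in extended permit tcp any host 192.168.1.20 eq www
access-group outside_in in interface outside
```

The two halves are alternatives for different software versions and are not meant to be loaded together. In either version, keeping each permit entry limited to the single published port avoids exposing other services on the same internal host.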