ASA Outside Interface

Answered Question
Aug 20th, 2010
User Badges:

Hello Dears,


Can i use ASA outside interface public IP for servers in DMZ to publish on internet definately i will use different port number for differnt servers and also the same interface IP can i use for remote vpn.



Thanks,

Correct Answer by Nagaraja Thanthry about 6 years 7 months ago

Hello,


Yes, you can use the same IP for remove VPN as well as long as you are using

IPSec. If you are using WebVPN, please make sure that you are not using port

443 (HTTPS) for any other purpose on the outside interface (including ASDM).


Regards,


NT

Correct Answer by Nagaraja Thanthry about 6 years 7 months ago

Hello,


Yes, you can use the outside interface IP for publishing services. You need

to use static PAT for this. Please make sure that there is no port conflict.


Regards,


NT

Correct Answer by Jennifer Halim about 6 years 7 months ago

Yes, definitely you can.


An example for your reference:

Outside public ip address is 100.1.1.1

DMZ web server ip address is 172.16.1.1

DMZ mail server ip address is 172.16.1.5

You are hosting web server and mail server on your DMZ for example


static (dmz,outside) tcp interface 80 172.16.1.1 80 netmask 255.255.255.255

static (dmz,outside) tcp interface 25 172.16.1.5 25 netmask 255.255.255.255


Assuming you are using ASA version 8.2 or below.


Hope that helps.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Correct Answer
Jennifer Halim Fri, 08/20/2010 - 05:24
User Badges:
  • Cisco Employee,

Yes, definitely you can.


An example for your reference:

Outside public ip address is 100.1.1.1

DMZ web server ip address is 172.16.1.1

DMZ mail server ip address is 172.16.1.5

You are hosting web server and mail server on your DMZ for example


static (dmz,outside) tcp interface 80 172.16.1.1 80 netmask 255.255.255.255

static (dmz,outside) tcp interface 25 172.16.1.5 25 netmask 255.255.255.255


Assuming you are using ASA version 8.2 or below.


Hope that helps.

Correct Answer
Nagaraja Thanthry Fri, 08/20/2010 - 05:27
User Badges:
  • Cisco Employee,

Hello,


Yes, you can use the outside interface IP for publishing services. You need

to use static PAT for this. Please make sure that there is no port conflict.


Regards,


NT

estelamathew Fri, 08/20/2010 - 05:49
User Badges:

Hello,


Also i can use the same for remote access vpn, for users to connect from their house.


Thanks,

Correct Answer
Nagaraja Thanthry Fri, 08/20/2010 - 05:57
User Badges:
  • Cisco Employee,

Hello,


Yes, you can use the same IP for remove VPN as well as long as you are using

IPSec. If you are using WebVPN, please make sure that you are not using port

443 (HTTPS) for any other purpose on the outside interface (including ASDM).


Regards,


NT

Actions

This Discussion