Mapping of public IP to private IP

rjpselguera · ‎09-10-2010

Hello!

I have some issues with respect to the translating of the public IP address of our webserver for ASA 5510 ver 8.0. The public IP address of our appserver is xxx.xxx.59.121 and it is mapped to a dmz address of 15.15.100.51/24. Now the problem here is I can't access the appserver couldn't be accessed both from the LAN and the outside. I believe that normally the outside couldn't pass through the dmz since it is going from a lower security level to a higher one and yet why couldn't I access the dmz zone from the Local Area Network? (See attached network diagram)

I have issued already a static command: static (dmz,outside) 15.15.100.51 xxx.xxx.59.121 netmask 255.255.255.224. I have also created an access-list in which it could permit traffic from the outside interface into the dmz interface. Now, one of the problems that I see is this... our ISP have issued us another range of public IP address that we can use and one of it is issued on the outside interface of ASA: xxx.xxx.51.161. Will this be one of the possible reasons in which the we couldn't access the appserver from the outside interface?

What configuration did I miss? Can you help me on this?

Thanks.

Jon Marshall · ‎09-10-2010

Your static is the wrong way round ie. you have -

static (dmz,outside) 15.15.100.51 xxx.xxx.59.121 netmask 255.255.255.224

it should be

static (dmz,outside) xxx.xxx.59.121 15.15.100.51 netmask 255.255.255.255

you need to allow access in the acl to the public address of xxx.xxx.59.121

Jon