01-07-2007 09:26 AM - edited 03-11-2019 02:16 AM
Hi,
I'm a little confused maybe someone could help me out here.
I'm trying to get an ASA5510 ASA Version 7.1(2) on the road here.
Problem is that i want to publish an SMTP server on the inside network on the Internet, and provide all inside hosts with internet.
Problem is that i only have 1 static public ip address.
For getting Internet access on the inside hosts i use :
global (Outside) 1 interface
nat (Inside) 1 10.100.50.0 255.255.255.0
But as soon as i try to add a rule (and as far as my knowledge goes that needs to be) :
access-list smtp extended permit tcp any host external ip address eq smtp
static (inside,outside) public ip address inside ip address netmask 255.255.255.255
access-group smtp in interface outside
I lose all internet connectivity on my inside hosts.
What am doing wrong , or is this not possible with an ASA and one public ip address ?
Thanks for helping.
Solved! Go to Solution.
01-07-2007 12:02 PM
Well, I have the more secure alternative :)
You will keep the nat, and add a static only for SMTP port, this way will be secure.
The line is :
static (Inside,Outside) tcp
VOILA :)
Please rate if this helped.
Regards,
Daniel
01-07-2007 09:59 AM
Ignore this question please, my mistake
an
static (Inside,Outside) external ip internal ip netmask 255.255.255.255
access-group test in interface Outside
access-list test extended permit ip any host external ip
Did the trick.
Please be aware that this sollution allows all trafic trough to the internal host (which is not secure)
01-07-2007 12:02 PM
Well, I have the more secure alternative :)
You will keep the nat, and add a static only for SMTP port, this way will be secure.
The line is :
static (Inside,Outside) tcp
VOILA :)
Please rate if this helped.
Regards,
Daniel
01-11-2007 01:02 AM
Great one, will use this one in the future.
For this config i managed to get rid of a stupid 2wire adsl modem which was not able to route a small subnet of public ip addresses.
I installed an Cisco 837 instead which does its work perfectly.
In this configuration i also wanted to publish HTTP & HTTP on an inside host, but also want to use WebVPN, so i needed an extra public ip anyway.
01-11-2007 02:39 AM
Glad to help :)
Cheers,
Daniel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide