Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5510, DMZ, NAT

Hi,

I'm new to the ASA and I'm trying to set up a demo 5510 in a test environment.

There is a webserver in the DMZ that I'd like to make accessible to the inside and the outside. I have a /27 and would like to use a different IP than the interface for the webserver and I can't figure out how to get this working.

The webserver is at 172.16.0.176 and I would like to use xx.xx.184.88 to reach it from the outside. The outside interface on the ASA is xx.xx.184.90. Inside is 10.39.0.0.

Any tips?

  • Firewalling
1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA 5510, DMZ, NAT

Hi Nathan

static (DMZ,outside) xx.xx.184.88 172.16.0.176 netmask 255.255.255.255

access-list outside_access_in permit tcp any host xx.xx.184.88 eq desiredportnumberhere

For reaching from inside

static (inside,DMZ) 172.16.0.176 172.16.0.176 netmask 255.255.255.25

Regards

3 REPLIES
Green

Re: ASA 5510, DMZ, NAT

static (DMZ,outside) xx.xx.184.88 172.16.0.176 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host xx.xx.184.90 eq www

access-group outside_access_in in interface outside

Re: ASA 5510, DMZ, NAT

Hi Nathan

static (DMZ,outside) xx.xx.184.88 172.16.0.176 netmask 255.255.255.255

access-list outside_access_in permit tcp any host xx.xx.184.88 eq desiredportnumberhere

For reaching from inside

static (inside,DMZ) 172.16.0.176 172.16.0.176 netmask 255.255.255.25

Regards

New Member

Re: ASA 5510, DMZ, NAT

Thanks, that worked great!

322
Views
4
Helpful
3
Replies