ASA Firewall and NAT rules

Hi Guys,

I'm not the greatest on Pix/ASA firewalling. I need help with the following issue.

I have a remote site that needs to access one host behind an ASA. VPN is not needed here.

I would like a set of rules where I can allow any connection coming from the remote site's public IP only - in to the IP behind my ASA.

i.e.

Public IP of remote site 1.1.1.1

IP of our network 2.2.2.2

Inside interface of our ASA 192.168.1.1

Host inside our routed network 172.16.1.1

Allow all connections from 1.1.1.1 to 172.16.1.1

A bonus would be to allow ping for testing connectivity.

Thanks in advance

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
Accepted Solutions

Re: ASA Firewall and NAT rules

hi,

Two things are required: NAT and access-lists

the NAT configuration :

static (inside,outside) 2.2.2.2 172.16.1.1 netmask 255.255.255.255

the access-lists config :

access-list out-in extended permit ip host 1.1.1.1 host 2.2.2.2

access-group out-in in interface outside

Also check whether the server 172.16.1.1 is reachable from the ASA box.
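
One way to verify the accepted configuration on the ASA itself, as an added example that is not part of the original posts. It assumes the pre-8.3 `static` syntax used in the answer; TCP port 80, source port 1025 and the second source address 3.3.3.3 are constructed test values, not values from the thread.

```text
! --- Configuration from the answer (pre-8.3 syntax) ---
static (inside,outside) 2.2.2.2 172.16.1.1 netmask 255.255.255.255
access-list out-in extended permit ip host 1.1.1.1 host 2.2.2.2
access-group out-in in interface outside

! --- Confirm what is actually loaded ---
show run static
show run access-group
! Each entry carries a hit counter; it should increase when 1.1.1.1 connects.
show access-list out-in
! Should list the static translation between 2.2.2.2 and 172.16.1.1.
show xlate

! --- Confirm the ASA can reach the real host on the inside ---
ping inside 172.16.1.1

! --- Simulate traffic without needing the remote site online ---
! Permitted source to the public (mapped) address. The ACL in this syntax
! matches 2.2.2.2, not 172.16.1.1. Expected final result: "Action: allow".
packet-tracer input outside tcp 1.1.1.1 1025 2.2.2.2 80

! "permit ip" also matches ICMP, so an echo request (type 8, code 0)
! from 1.1.1.1 is covered by the same entry. Expected: "Action: allow".
packet-tracer input outside icmp 1.1.1.1 8 0 2.2.2.2

! Any other source (3.3.3.3 is a constructed address) hits the implicit
! deny at the end of out-in. Expected final result: "Action: drop".
packet-tracer input outside tcp 3.3.3.3 1025 2.2.2.2 80
```

The third trace is the one that confirms the exposure is limited to the remote site: if it reports allow, another entry or access-group is permitting the traffic.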

Re: ASA Firewall and NAT rules

Thanks for that. It looks nice and simple. The 172.16.1.1 is reachable from the ASA.
