05-15-2007 05:52 AM - edited 03-11-2019 03:14 AM
New to the ASA series. I am installing a 5505 later today. Company has two buildings connected via fiber. ASA will go behind the router and into a switch connecting the two.
Main goal is to protect an iSeries webserver on their internal network. Inside interface is configured with internal network of 172.20.x.x. Outside with static from ISP, 209.143.x.x.
Being new to this, I'm assuming I need an access rule to allow traffic from the WAN to the iSeries box. My current rule is set up like this.
outside, incoming, permit, any (0.0.0.0) to 172.20.x.x (IP of iSeries). Protocol is TCP, service on source = any, service on destination = http/www.
My question is, is this correct? Any help would be appreciated.
05-15-2007 06:03 AM
For permitting traffic from outside to inside you need two things: one is your access-list statement and the other is your nat statement.
Ideally I guess you should be looking at port forwarding.
So your statements could be.
access-list outside_inside extended permit tcp any host 209.143.x.x eq www
and your nat statement would be
static (inside,outside) tcp interface www 172.20.x.x www netmask 255.255.255.255
Assuming your interface ip is 209.143.x.x.
HTH
Hoogen
Do rate if you find this post useful :)
05-15-2007 06:07 AM
Depending upon what the outside address of the server is you will have something like this...
static (inside,outside) 209.143.x.x 172.20.x.x netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 209.143.x.x eq www
access-group outside_access_in in interface outside
or if the outside address of the server is the same as the outside interface of the ASA you can do...
static (inside,outside) interface 172.20.x.x netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 209.143.x.x eq www
access-group outside_access_in in interface outside
or if you just want to port forward port 80...
static (inside,outside) tcp interface www 172.20.x.x www netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 209.143.x.x eq www
access-group outside_access_in in interface outside
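Added example (not from any poster in the thread): a small Python check over pre-8.3 ASA configuration text that confirms the three pieces discussed above line up: a static translation, a permit entry for the mapped address and port, and an access-group that binds that ACL to the outside interface. The `audit` function, the sample configurations and the addresses are constructed for illustration, and the parser only understands the command shapes shown in this thread.

```python
import re

ACL = re.compile(r"^access-list (?P<name>\S+) extended permit tcp any host (?P<dst>\S+) eq (?P<port>\S+)$")
GROUP = re.compile(r"^access-group (?P<name>\S+) in interface (?P<ifc>\S+)$")

def audit(config, outside_ip, outside_if="outside"):
    """Return a list of findings for an inbound-publishing config (empty list = consistent)."""
    statics, acls, bound = [], {}, {}
    for line in map(str.strip, config.splitlines()):
        t = line.split()
        if len(t) >= 5 and t[0] == "static":
            # "static (in,out) tcp <mapped> <port> ..." forwards one port;
            # "static (in,out) <mapped> <real> ..." translates the whole host.
            mapped, port = (t[3], t[4]) if t[2] in ("tcp", "udp") else (t[2], None)
            statics.append((outside_ip if mapped == "interface" else mapped, port))
        elif m := ACL.match(line):
            acls.setdefault(m["name"], []).append((m["dst"], m["port"]))
        elif m := GROUP.match(line):
            bound[m["ifc"]] = m["name"]
    # An ACL with no access-group is never evaluated against traffic.
    findings = [f"ACL {n} is defined but not applied with access-group"
                for n in acls if n not in bound.values()]
    active = acls.get(bound.get(outside_if), [])
    if not active:
        findings.append(f"no permit entries are applied inbound on {outside_if}")
    for dst, port in active:
        ports = [p for ip, p in statics if ip == dst]
        if not ports:
            findings.append(f"permit to {dst} eq {port} has no static translation")
        elif all(p is not None and p != port for p in ports):
            findings.append(f"permit to {dst} eq {port} matches no forwarded port")
    return findings

# Constructed sample configs (documentation addresses, not the thread's real ones).
STATIC_LINE = "static (inside,outside) tcp interface www 172.20.0.10 www netmask 255.255.255.255\n"
UNBOUND = STATIC_LINE + "access-list outside_inside extended permit tcp any host 203.0.113.10 eq www\n"
COMPLETE = (STATIC_LINE
    + "access-list outside_access_in extended permit tcp any host 203.0.113.10 eq www\n"
    + "access-group outside_access_in in interface outside\n")

if __name__ == "__main__":
    for name, cfg in (("UNBOUND", UNBOUND), ("COMPLETE", COMPLETE)):
        print(name, audit(cfg, outside_ip="203.0.113.10") or "consistent")
```

A whole-host static (no `tcp`/`udp` keyword) is accepted for any permitted port, since in that case the ACL is the only thing restricting which ports are reachable.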