Re: DMZ and web server

hanimolani · ‎05-07-2010

Dear All

I have A web server in my DMZ of network,

internet----ASA----DMZ

The issue is I want to give my web server and invalid ip address like 172.x.x.x

but I dont know how can I bind valid ip address into this web server

my valid ip address is 61.x.x.1 i set this ip as my outside interface

my web server will be 61.x.x.2

but i do not know where 61.x.x.2 should be set..i tried to set this ip address into DMZ interface but asa rejected because overlap with my outside interface.

should this ip set (61.x.x.2) on my web server or asa or where?

thank you

Jennifer Halim · ‎05-08-2010

You can configure translation on the ASA for the web server.

For example:

Web server ip address is 172.16.1.2, and you would like to translate it to public ip of 61.x.x.2:

static (dmz,outside) 61.x.x.2 172.16.1.2 netmask 255.255.255.255

For outside hosts to access the web server from the Internet, you would need to configure access-list to allow access.

For example: if you need HTTP and HTTPS access to the web server, then configure the following:

access-list outside-acl permit tcp any host 61.x.x.2 eq 80

access-list outside-acl permit tcp any host 61.x.x.2 eq 443

access-group outside-acl in interface outside

Hope that helps.