Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

DMZ and web server

Dear All

I have A web server in my DMZ of network,


The issue is I want to give my web server and invalid ip address like 172.x.x.x

but I dont know how can I bind valid ip address into this web server

my valid ip address is 61.x.x.1 i set this ip as my outside interface

my web server will be 61.x.x.2

but i do not know where 61.x.x.2 should be set..i tried to set this ip address into DMZ interface but asa rejected because overlap with my outside interface.

should this ip set (61.x.x.2) on my web server or asa or where?

thank you

Cisco Employee

Re: DMZ and web server

You can configure translation on the ASA for the web server.

For example:

Web server ip address is, and you would like to translate it to public ip of 61.x.x.2:

static (dmz,outside) 61.x.x.2 netmask

For outside hosts to access the web server from the Internet, you would need to configure access-list to allow access.

For example: if you need HTTP and HTTPS access to the web server, then configure the following:

access-list outside-acl permit tcp any host 61.x.x.2 eq 80

access-list outside-acl permit tcp any host 61.x.x.2 eq 443

access-group outside-acl in interface outside

Hope that helps.

CreatePlease to create content