Cisco Support Community

Firewall ASA Configuration

I have a vendor who wants to access some of our staging servers over the Public Internet.

Vendor will be sourcing from 201.57.56.10

Our servers are on the Inside network, and the addresses that the vendor needs to access are:

10.20.100.1

10.20.200.1

Do I need static mappings, or do I just need access lists, one for inside and the other for outside? For example:

access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 10.20.100.1 eq 80

access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 10.20.100.1 eq 443

access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 10.20.200.1 eq 80

access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 10.20.200.1 eq 443

access-list INSIDE-ACCESS-OUT extended permit tcp host 10.20.100.1 host 201.57.56.10 eq 80

access-list INSIDE-ACCESS-OUT extended permit tcp host 10.20.100.1 host 201.57.56.10 eq 443

access-list INSIDE-ACCESS-OUT extended permit tcp host 10.20.200.1 host 201.57.56.10 eq 80

access-list INSIDE-ACCESS-OUT extended permit tcp host 10.20.200.1 host 201.57.56.10 eq 80

Thanks

1 REPLY

Re: Firewall ASA Configuration

You will need a NAT translation. You have to map a public IP address to a private IP. For example:

static (inside,outside) 69.222.73.5 10.20.100.1 netmask 255.255.255.255

Then your ACL needs to be adjusted to point to the public, not the private, IP.

access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 69.222.73.5 eq 443

Hope it helps.
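
Added example (not part of the original posts and not Cisco tooling): a small Python check of the rule the reply describes, flagging outside-in ACL entries whose destination is a private address instead of the statically mapped public one. The sample config is constructed from lines in this thread, the function names are hypothetical, and only host-to-host entries in the pre-8.3 `static` syntax are parsed.

```python
import ipaddress
import re

# Constructed sample built from lines in the thread. Assumption: pre-8.3 ASA syntax.
SAMPLE_CONFIG = """\
static (inside,outside) 69.222.73.5 10.20.100.1 netmask 255.255.255.255
access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 10.20.100.1 eq 443
access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 10.20.200.1 eq 443
access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 69.222.73.5 eq 443
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
STATIC_RE = re.compile(rf"^static \(\S+,\S+\)\s+{IP}\s+{IP}\s+netmask\s+255\.255\.255\.255$")
ACE_RE = re.compile(
    rf"^access-list (\S+) extended permit (tcp|udp) host {IP}\s+host {IP}\s+eq (\S+)$")


def parse_statics(config):
    """Return {real_ip: mapped_ip} for host static NAT entries."""
    statics = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            mapped_ip, real_ip = m.groups()  # pre-8.3 order: mapped first, then real
            statics[real_ip] = mapped_ip
    return statics


def check_outside_acl(config, acl_name):
    """Classify each entry of the outside-in ACL by its destination address."""
    statics = parse_statics(config)
    mapped = set(statics.values())
    findings = []
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if not m or m.group(1) != acl_name:
            continue
        name, proto, src, dst, port = m.groups()
        if dst in mapped:
            findings.append((dst, "ok", None))
        elif dst in statics:  # private address that does have a static mapping
            fixed = (f"access-list {name} extended permit {proto} "
                     f"host {src} host {statics[dst]} eq {port}")
            findings.append((dst, "use-mapped-address", fixed))
        elif ipaddress.ip_address(dst).is_private:
            findings.append((dst, "no-static-mapping", None))
        else:
            findings.append((dst, "unmapped-public-address", None))
    return findings
```

From ASA 8.3 onward, NAT is configured with object NAT or twice NAT and interface ACLs match the real (private) address, so this check applies only to the older syntax shown in the thread.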
