Firewall ASA Configuration

abbas.ali
Level 1

I have a vendor who wants to access some of our staging servers over the Public Internet.

Vendor will be sourcing from 201.57.56.10

Our servers are on the Inside network, and the addresses that the vendor needs to access are:

10.20.100.1

10.20.200.1

Do I need static mappings, or do I just need access-lists, one for inside and the other one for outside? For example:

access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 10.20.100.1 eq 80

access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10  host 10.20.100.1 eq 443

access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10  host 10.20.200.1 eq 80

access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10  host 10.20.200.1 eq 443

access-list INSIDE-ACCESS-OUT extended permit tcp host 10.20.100.1 host 201.57.56.10 eq 80

access-list INSIDE-ACCESS-OUT extended permit tcp host 10.20.100.1 host  201.57.56.10 eq 443

access-list INSIDE-ACCESS-OUT extended permit tcp host 10.20.200.1 host  201.57.56.10 eq 80

access-list INSIDE-ACCESS-OUT extended permit tcp host 10.20.200.1 host  201.57.56.10 eq 443

Thanks

1 Reply

Collin Clark
VIP Alumni

You will need a NAT translation. You have to map a public IP address to a private IP. For example:

static (inside,outside) 69.222.73.5 10.20.100.1 netmask 255.255.255.255

Then your ACL needs to be adjusted to point to the public, not the private, IP.

access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10   host 69.222.73.5 eq 443

Hope it helps.
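
The check described in the reply, as an added example that is not part of the original thread: a small Python lint that reads static and access-list lines and reports outside ACL entries that point at a private address instead of its mapped public address. It assumes the pre-8.3 static syntax used in the reply; the function name lint_outside_acl and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the static from the reply plus ACL lines from the thread.
SAMPLE_CONFIG = """\
static (inside,outside) 69.222.73.5 10.20.100.1 netmask 255.255.255.255
access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 10.20.100.1 eq 443
access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 10.20.200.1 eq 443
access-list OUTSIDE-ACCESS-IN extended permit tcp host 201.57.56.10 host 69.222.73.5 eq 443
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Pre-8.3 host static: static (real_if,mapped_if) <mapped_ip> <real_ip> netmask ...
STATIC_RE = re.compile(rf"^static \(\S+,outside\) {IP} {IP} netmask 255\.255\.255\.255\s*$")
# Only host-to-host permits with a single port, the form used in the thread.
ACL_RE = re.compile(rf"^access-list (\S+) extended permit \S+ host {IP}\s+host {IP}\s+eq (\S+)\s*$")


def lint_outside_acl(config, acl_name="OUTSIDE-ACCESS-IN"):
    """Return (destination, port, verdict) for each matching entry in acl_name."""
    lines = [line.strip() for line in config.splitlines()]
    real_to_mapped = {}
    for line in lines:
        m = STATIC_RE.match(line)
        if m:
            mapped, real = m.groups()  # mapped address comes first in this syntax
            real_to_mapped[real] = mapped
    mapped_addrs = set(real_to_mapped.values())

    findings = []
    for line in lines:
        m = ACL_RE.match(line)
        if not m or m.group(1) != acl_name:
            continue
        dst, port = m.group(3), m.group(4)
        if dst in mapped_addrs:
            verdict = "ok"
        elif dst in real_to_mapped:
            verdict = "use mapped address " + real_to_mapped[dst]
        elif ipaddress.ip_address(dst).is_private:
            verdict = "no static for private address"
        else:
            verdict = "public address without static"
        findings.append((dst, port, verdict))
    return findings


if __name__ == "__main__":
    for dst, port, verdict in lint_outside_acl(SAMPLE_CONFIG):
        print(f"{dst}:{port} -> {verdict}")
```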
