hi have another problem with ASA 5512. I have configured static NAT, and i have configured network Centos 6 server all work fine. I have installed Cpanel (that not support NAT 1:1 in STABLE version but only in EDGE version).
The problem is that if set internal address on server INTERNAL TO EXTERNAL all working fine. But if i give a dedicated IP to the site EXTERNAL TO INTERNAL not work.
If i ping the site give me only internal address and not external.
One of solutions si to insert PRIVATE IP AND PUBLIC IP in address list, but there isn't a way to insert only external IP and have automatic translation in Internal IP
If i have this configuration
All work fine but i want that this configuration work fine
You will either need to use Static NAT which to my understanding you are using in the first configuration of the actual server.
Or you will need to configure the public subnet directly on some ASA interface, most likely some DMZ interface since you are hosting a server to external network.
Last time you mentioned that you doubt that the ISP would be willing to do any changes to their setup which sounds pretty wierd to me. If you have been provided with 2x /27 subnets already from the ISP there should be no problem either using the the other subnet /27 on the DMZ interface of the ASA or split one of the /27 subnets to something even smaller and configuring one of those smaller subnets in the ASA DMZ interface.
Lets take this for example
Public Subnet 1 = 184.108.40.206/27
Public Subnet 2 = 220.127.116.11/27
You could for example have the following interface configurations on the ASA
ip add 18.104.22.168 255.255.255.224
ip add 22.214.171.124 255.255.255.224
Now you could for example configure a server on the DMZ with the IP address 126.96.36.199
But naturally as we cant see your exact setup and firewall configurations its impossible to say what you would need to do to get your second server configuration option to work.
But to me it seems certain that to be able to configure the public IP address directly on the server you will have to configure some public subnet directly where ever your server is connected. If its connected to some ASA DMZ interface then the ASA interface must be configured with the public subnet. If the server is connected to some core device then the public subnet has to be configured there.
Seems to me according to your ASA configuration that only the "External2" interface has public IP address space that is not used while the "External" interfaces public IP address space has been used up from both start and end of the subnet.
It also seems that you have no routers on the internal networks since there is no routing configurations or static routes on your ASA. This would essentially mean that if you wanted to have a public IP address directly on the server then that public subnet would have to be configured on the ASA (as there are no internal routers)
It seems to me that for this server you would perhaps need to split the second public subnet to either a /28 or /29 subnets depending on how much of this public address space of "External2" subnet you want to allocate to the new DMZ interface
Lets say that the External2 network is 188.8.131.52/27 (184.108.40.206 - 220.127.116.11)
It seems that you have not used any public IP addresses that would be part of 18.104.22.168/28 (22.214.171.124 - 126.96.36.199)
So if you wanted to for example split the "External2" in the above mentioned way you could do the following changes with the ISP (ofcourse using the actual public IP addresses)
ip address 188.8.131.52 255.255.255.240
description Public DMZ
ip address 184.108.40.206 255.255.255.255.240
The ISP would also have to change the network mask on their gateway and add a static route for the splitted network/subnet
ip address 220.127.116.11 255.255.255.224
ip address 18.104.22.168 255.255.255.240
ip route 22.214.171.124 255.255.255.240 126.96.36.199
After this you would be able to use an IP address from the 188.8.131.52/28 (184.108.40.206 - 220.127.116.11 since you cant use the network,gw or broadcast address)
And as I said before, you would even have the option to split the "External2" network further but in that case would have to consider is there a need for that.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...