Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static with ACL

i have one global ip address x.x.188.5 and I have to servers 192.168.1.219 and 192.168.1.220. I want to advertise these servers over

the Internet on the following HTTPS & SSH.

How can i advertise these servers with one global IP address. Please help me out

2 REPLIES

Re: Static with ACL

Hi, If A.B.C.D is the global IP, and your servers 192.168.1.219 and 220 are in DMZ,

static (dmz,Outside) tcp A.B.C.D 443 192.168.1.219 443

static (dmz,Outside) tcp A.B.C.D 22 192.168.1.220 22

access-list out-in permit tcp any host A.B.C.D eq 443

access-list out-in permit tcp any host A.B.C.D eq 22

access-group out-in in interface Outside

New Member

Re: Static with ACL

thanks for the help, but now one more problem, i have my exchange server 172.15.1.2, 172.15.1.3. For internet browsing i m doing static nat for these two severs web surfacing. I want to only allow https, http and smtp for Internet browsing.

i tried this

static(inside,outside) x.x.x.x acccess-list exg-acl

access-list exg-acl extended permit tcp host 172.15.1.2 any eq https

access-list exg-acl extended permit tcp host 172.15.1.2 any eq http

access-list exg-acl extended permit tcp host 172.15.1.2 any eq smtp

access-list exg-acl extended permit tcp host 172.15.1.3 any eq https

access-list exg-acl extended permit tcp host 172.15.1.3 any eq http

access-list exg-acl extended permit tcp host 172.15.1.3 any eq smtp

but it is not working only when i allow the full ip by this

access-list exg-acl extended permit ip host 172.15.1.3 any

access-list exg-acl extended permit ip host 172.15.1.2 any

why it is so. Please let me know

112
Views
4
Helpful
2
Replies