Hi, I'm not familiar with Cisco equipment and I can't find what I'm looking for in the documentation or on the web. Essentially, I want to use an ASA5510 in transparent mode for a bunch of web servers.
My firewall experience up to now has been to protect a local network where the LAN and WAN are of course separate. In my situation here, there isn't a local network and I want the firewall to transparently protect the servers without needing to set up some kind of complicated DMZ type arrangement.
My setup is simple - I have a single IP feed, an ASA5510, a Catalyst 3550 switch and 16 servers. I want the servers to keep their public IPs.
I've read the getting started guide for the firewall and I can't see any scenario that comes close to my configuration, so I don't know where to start.
Could someone possibly nudge me in the right direction?
I don't think so - static NAT will translate a private IP into a public one. My servers don't have any private IPs as such; they are all just on the internet, not on any LAN.
I suppose a DMZ kind of situation is what I need, but I'm having trouble understanding why I would want to have a local interface and a public interface - why can't the firewall just transparently filter the traffic destined for the servers attached to the switch?
Even for a DMZ, it actually functions like static NAT: your servers will have a private IP, and on the firewall you will be routing all the incoming requests from the outside interface to your local LAN IP interface. When routing this, you can define which ports have to be opened for the server residing in the LAN. By doing this, your server is safe when residing behind the firewall.
The connection would be as follows.
An Internet client accesses your server by the following:
Internet Client ----->Internet Router---->ASA----->Server(residing in LAN)
When the Internet client touches your ASA, based on the policies assigned in the ASA by you, it will take care of which ports have to be permitted for the server, etc.