I am currently in the process of migrating my old IP440 based Checkpoint firewalls to ASA5520s and have come across a major headache.
I have a number of websites which reside on 2 DMZ webservers. Currently the webservers and each website have an address from the private DMZ subnet. The websites, however, also have an address from my public address pool so that they can be accessed by IP from outside and also for SSL. This is achieved on the Checkpoint by binding the legal IP address to the outside interface and using NAT to the DMZ.
I am struggling to see a way to implement this on the ASA. There doesn't appear to be a way to have multiple addresses on the outside interface and I can't see any way around it.
Have any of you come across similar configurations where websites reside on a private-range DMZ but are accessed from outside by a unique legal IP?
The IP address doesn't have to reside on the physical outside interface in order for you to NAT the address. You simply create a "static" for each one of your webservers. For example, your DMZ private address is 192.168.10.10 and your public is x.x.x.x; your config would be.
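An added illustration of the static NAT approach described in the reply above; it is not the poster's own configuration. It assumes the interfaces are named `dmz` and `outside`, keeps the post's `x.x.x.x` placeholder for the public address, and uses a constructed ACL name (`OUTSIDE_IN`) and object name (`WEB1`). Both syntax generations are shown because the ACL must match a different address in each.

```cisco
! Added example. Assumptions: nameif values "dmz" and "outside";
! x.x.x.x is the public address placeholder from the post;
! OUTSIDE_IN and WEB1 are constructed names.

! --- ASA software before 8.3 ---
! One static per web site: public x.x.x.x maps to DMZ host 192.168.10.10
static (dmz,outside) x.x.x.x 192.168.10.10 netmask 255.255.255.255
! Before 8.3 the inbound ACL matches the mapped (public) address.
! Permit only the web ports rather than all IP to the host.
access-list OUTSIDE_IN extended permit tcp any host x.x.x.x eq www
access-list OUTSIDE_IN extended permit tcp any host x.x.x.x eq https
access-group OUTSIDE_IN in interface outside

! --- ASA software 8.3 and later ---
object network WEB1
 host 192.168.10.10
 nat (dmz,outside) static x.x.x.x
! From 8.3 on the inbound ACL matches the real (private) address.
access-list OUTSIDE_IN extended permit tcp any object WEB1 eq www
access-list OUTSIDE_IN extended permit tcp any object WEB1 eq https
access-group OUTSIDE_IN in interface outside
```

When migrating a pre-8.3 rule set to 8.3 or later, check every inbound ACL entry: one left pointing at the public address stops matching after the upgrade.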