I am converting from a Symantec enterprise firewall to a Cisco ASA 5510. Currently I have it set up so that any traffic designated for my external firewall port using port 80 gets directed to a web server and anything using port 25 gets directed to my SMTP mail server. How do I set this up in the ASA? Do I have to use 2 external IPs, each NATted to the proper IP, or can I share one like I am currently doing?
I have a few extra public IPs. I added one of them as a host and tried to configure it to NAT to my internal web server and created a rule allowing port 80 traffic from any external entity to this web server. Every time I test it I get a TCP SYN timeout.
I am a beginner with the Cisco so I assume it's something I am doing wrong. Anyone have any advice?
I am not sure how it can be done in ASA but it should be similar to how it is done in FWSM/PIX. What you need is Static PAT, where you map the same global IP to different ports on individual app servers internally.
The following example would give you a better idea about things
Thanks for the link. I think I have added the PAT lines I need but now I am getting ACL errors. I created a rule allowing all TCP port 80 traffic from the outside to my internal web server at 192.168.1.10. But I keep getting a TCP access denied by ACL from 192.168.1.49/1787 (my IP) to inside 126.96.36.199/80 (the IP of my external port on the firewall). Here are my access rules:
access-list outside_access_in extended permit tcp any host 188.8.131.52 eq www
access-list outside_access_out extended permit tcp host 184.108.40.206 any eq www
Again, this is how it is set up on my Symantec firewall so I don't understand why it doesn't work on the Cisco.
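
The static PAT described in the reply above, written out for this thread's two services as an added example (not configuration posted by any participant). It assumes pre-8.3 ASA syntax, the outside interface address as the shared public IP, interfaces named inside and outside, and a constructed mail server address of 192.168.1.20; 192.168.1.10 is the web server from the thread.

```cisco
! --- Static PAT: one public address, two published services ---
! "interface" means the address of the outside interface itself.
! 192.168.1.10 = web server (from the thread)
! 192.168.1.20 = mail server (constructed address, replace with the real one)
static (inside,outside) tcp interface www  192.168.1.10 www  netmask 255.255.255.255
static (inside,outside) tcp interface smtp 192.168.1.20 smtp netmask 255.255.255.255

! --- Inbound ACL: publish only the two ports, nothing else ---
! Before 8.3 the ACL matches the translated (public) destination,
! so the destination here is the outside interface, not 192.168.1.x.
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq smtp

! --- Bind the ACL to inbound traffic on the outside interface ---
! An access-list that is not applied with access-group filters nothing.
access-group outside_access_in in interface outside

! Return traffic for these connections is allowed by the stateful
! inspection engine; no matching outbound rule is needed for it.

! --- Equivalent on ASA 8.3 and later (object NAT), shown commented out ---
! From 8.3 on, the ACL matches the real (internal) address instead.
! object network WEB_SERVER
!  host 192.168.1.10
!  nat (inside,outside) static interface service tcp www www
! object network MAIL_SERVER
!  host 192.168.1.20
!  nat (inside,outside) static interface service tcp smtp smtp
! access-list outside_access_in extended permit tcp any object WEB_SERVER eq www
! access-list outside_access_in extended permit tcp any object MAIL_SERVER eq smtp
```

The denied connection quoted in the thread has a source of 192.168.1.49, an inside address. These translations and the ACL are exercised only by connections that arrive on the outside interface, so verify them from a host outside the firewall.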