We have two DMZ's with servers using public ip-address ranges. On our old linux-based firewall we use one of these public ip-addresses for portforwarding (different ports) to two different hosts, one on each dmz.
When I tried it on a Cisco Pix running software version 6.3 in a lab environment it work perfect but when I copied the lines to our new ASA 5510, running 7.2(1) it complains about conflicting static lines.
access-list extended Portforwarding6500 permit tcp object-group PublicServer1 650 any
access-list extended Portforwarding6600 permit tcp object-group PublicServer2 660 any
Yes, that's the way I want it, preferably by using only one public ip for both ports but neither the Pix or the ASA will let me do that with ordanary static lines like that, it starts complaining about "WARNING: mapped-address conflict with existing static". (Actually, that seems to be related to having the machines on different interface, just now when I tried it I wrote the second static line to be on DMZ1 as well and it didn't complain, so I guess I'll just have to use two public ip's for this)
But then the next problem arise, as the hosts on the DMZ's have public ip's I have to tell the ASA not to NAT the ordinary DMZ traffic, either by a NAT 0 command or with static lines as in my fist post and then it starts to complain again with the same error (WARNING: real-address conflict with existing static)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...