Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
567
Views
0
Helpful
2
Replies

asa 5505 config with public ips inside dmz and nat help.

hirasta
Level 1
Level 1

‎09-27-2009 01:37 PM

hello there,

I have an asa 5505 with a /29 block, configured with the normal 1-1 static mapping in my dmz (to internal ips).

The problem starts now that i have one server that need to have a public ip address physically on it.

the only way i see to get this is to put the server in the outside vlan, but when i do this i have not ACL control of the traffic that goes IN the interface??

this is where i need help, how can i give the server a public ip, yet keep it behind some acl and firewall rolls.

(as if it goes in the outside interface i need to install a firewall on the server which makes no sense)

hope all this made sense to someone :).

any ideas let me know.

Thanks in advance and have a good one.

Jonathan.

Labels:
0 Helpful
2 Replies 2

Yudong Wu
Level 7
Level 7

‎09-27-2009 10:30 PM

If you could subnet your /29 block further, then you can use a pair of public IPs, one on DMZ interface and the other on your server and add a static NAT.

static (dmz,outside) Server-Pub-IP Server-Pub-IP

HTH

0 Helpful

hirasta
Level 1
Level 1
In response to Yudong Wu

‎09-28-2009 01:09 PM

Hey hth,

Thanks for the tip there, I cannot subnet the network i have as all ips in use, but you did give me a good idea there, as i have an extra subnet, will have to swing some server but that will do.

Thanks for the tip.

J

0 Helpful
Customers Also Viewed These Support Documents