09-27-2009 01:37 PM
Hello there,
I have an ASA 5505 with a /29 block, configured with the normal 1-1 static mapping in my DMZ (to internal IPs).
The problem starts now that I have one server that needs to have a public IP address physically on it.
The only way I see to get this is to put the server in the outside VLAN, but when I do this I have no ACL control of the traffic that goes IN the interface?
This is where I need help: how can I give the server a public IP, yet keep it behind some ACL and firewall rules?
(If it goes in the outside interface I need to install a firewall on the server, which makes no sense.)
Hope all this made sense to someone :).
Any ideas, let me know.
Thanks in advance and have a good one.
Jonathan.
09-27-2009 10:30 PM
If you could subnet your /29 block further, then you can use a pair of public IPs, one on the DMZ interface and the other on your server, and add a static NAT.
static (dmz,outside) Server-Pub-IP Server-Pub-IP
HTH
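Added example, not part of the original reply: a configuration sketch of the identity static described above, with the ACLs that keep the publicly addressed server behind firewall policy. All addresses, the VLAN number, the port and the ACL names are constructed; it assumes a spare public subnet that the provider routes to the ASA, and the pre-8.3 syntax used by the static command in the reply.

```cisco
! Constructed values (documentation ranges):
!   203.0.113.4/30  spare public subnet routed to the ASA (assumption)
!   203.0.113.5     ASA dmz interface, the server's default gateway
!   203.0.113.6     address configured on the server itself
!   192.168.1.0/24  inside network (assumption)

interface Vlan3
 nameif dmz
 security-level 50
 ip address 203.0.113.5 255.255.255.252
!
interface Ethernet0/2
 switchport access vlan 3
!
! Identity static: the server's public address crosses the ASA unchanged,
! so the server keeps a real public IP but still sits behind an interface.
static (dmz,outside) 203.0.113.6 203.0.113.6 netmask 255.255.255.255
!
! Inbound policy on outside: only the published service reaches the server.
! If an ACL is already applied inbound on outside, add the permit line to
! that ACL instead; only one ACL per interface per direction is allowed.
access-list outside_in extended permit tcp any host 203.0.113.6 eq 443
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside
!
! Policy for traffic the server initiates: nothing toward inside,
! DNS and HTTPS outbound only, everything else logged and dropped.
access-list dmz_in extended deny ip host 203.0.113.6 192.168.1.0 255.255.255.0
access-list dmz_in extended permit udp host 203.0.113.6 any eq 53
access-list dmz_in extended permit tcp host 203.0.113.6 any eq 443
access-list dmz_in extended deny ip any any log
access-group dmz_in in interface dmz
```

After applying it, `show xlate` should list the identity translation and `show access-list outside_in` shows hit counts for the permit and deny entries.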
09-28-2009 01:09 PM
Hey hth,
Thanks for the tip there. I cannot subnet the network I have, as all IPs are in use, but you did give me a good idea there: as I have an extra subnet, I will have to swing some servers, but that will do.
Thanks for the tip.
J