03-17-2012 09:36 AM
Hello,
We have a Cisco ASA 5505 and it is working great.
I want to create a web server that only selected public IP addresses can access, so here is my scenario:
Head Office
Public IP address: 155.155.155.1
IT Servers: 192.168.10.1
Branch office 1
Public IP address: 155.155.155.20
Branch office 2
Public IP address: 155.155.155.30
So I want only these two public IP addresses to be able to access our IT server 192.168.10.1 by serving web, not by remote client connection.
Please, any idea about this and how I can do that?
Thank you very much, any time.
03-17-2012 11:47 AM
Thomas,
1. Create a NAT rule for the web server.
2. Create an access list bound to your outside interface allowing the two branch offices' public IP addresses to access the server's public IP (the NAT address) via tcp port 80.
Both are most easily done by a novice ASA user under the ASDM GUI (Configuration, Firewall NAT Rules and Access Rules). For a command line guide procedure (8.2 or earlier) see this example.
03-17-2012 11:55 AM
Hello,
I guess you use the same public IP on the ASA 5505 outside interface to access the internal server via web. In that scenario you need to do port forwarding. Please see below...
static (inside,outside) tcp interface 80 192.168.10.1 80 netmask 255.255.255.255
access-list outside_access_in extended permit tcp host 155.155.155.20 interface outside eq www
access-list outside_access_in extended permit tcp host 155.155.155.30 interface outside eq www
access-group outside_access_in in interface outside
Try it and post how it goes.
hth
MS
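The commands posted above use the 8.2-and-earlier syntax. For reference, the same port forward and source restriction on ASA 8.3 or later looks like the following; this is an added example, not part of either reply. It assumes the outside interface holds 155.155.155.1 as in the question, the object name WEB-SERVER is hypothetical, and 203.0.113.5 is a constructed test source.

```cisco
! --- ASA 8.3+ : static PAT of outside interface tcp/80 to the internal server ---
object network WEB-SERVER
 host 192.168.10.1
 nat (inside,outside) static interface service tcp www www
!
! From 8.3 on, interface ACLs match the REAL (post-NAT) destination address,
! so the permits reference 192.168.10.1 rather than "interface outside".
access-list outside_access_in extended permit tcp host 155.155.155.20 host 192.168.10.1 eq www
access-list outside_access_in extended permit tcp host 155.155.155.30 host 192.168.10.1 eq www
! No further entry is needed for other sources: the implicit deny at the end
! of the ACL drops them. Add an explicit "deny ... log" only if you want
! syslog entries for rejected attempts.
access-group outside_access_in in interface outside
!
! --- Verification (exec mode) ---
! Simulate a branch office connecting to the public address: expect ALLOW.
packet-tracer input outside tcp 155.155.155.20 1025 155.155.155.1 80
! Simulate an unlisted source (constructed address): expect DROP at the ACL phase.
packet-tracer input outside tcp 203.0.113.5 1025 155.155.155.1 80
! Hit counters should increase only on the two permit lines.
show access-list outside_access_in
! Confirm the static PAT entry is installed.
show xlate
```

If `outside_access_in` is already applied and contains other entries, add the two permit lines to it instead of creating a new list, since only one inbound ACL can be bound per interface.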