cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2420
Views
0
Helpful
2
Replies

how i can configure the below ASA 5505 Web Servers -

ThomasMull9000
Level 1
Level 1

hello

we have a cisco asa 5505 and it working great .

i want to create web server that only selected public ip address can access .. so here is  my seneriuo

Head Office

public ip address 155.155.155.1

IT Servers .192.168.10.1

Branch office 1

Public ip address

155.155.155.20.


Branch office 2

Public ip address

155.155.155.30

so i want only this two public ip address can access our It server 192.168.10.1 by serving web . not remote client connection

please any idea about this and how i can do that

thank you very much any time


2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

Thomas,

1. Create a NAT rule for the web server.

2. Create an access list bound to your outside interface allowing the two branch offices' public IP addresses to access the server's public IP (the NAT address) via tcp port 80.

Both are most easily done by a novice ASA user under the ASDM GUI (Configuration, Firewall NAT Rules and Access Rules). For a command line guide procedure (8.2 or earlier) see this example.

mvsheik123
Level 7
Level 7

Hello,

I guess you use the same public IP on the ASA 5505 outside interface to access Internal server via web. In that scenario you need to do port forwarding. Please see below...

static (inside,outside) tcp interface 80 192.168.10.1 80 netmask 255.255.255.255

access-list outside_access_in extended permit tcp host 155.155.155.20 interface outside eq www

access-list outside_access_in extended permit tcp host 155.155.155.30 interface outside eq www

access-group outside_access_in in interface outside

Try and let post how it goes.

hth

MS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: