Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

reg:asa 5505 vlans

Dear sir,

i have tipical problem is i have two servers connected to unmanagble switch and from that switch to connected to one of of the port eth0/0 and i taken output eth0/1 and i conncted to my pc through the firewall i want to access my servers

through the firewall.

but my doubt is we r trying to access the servers through the intranet .

server ip:i have two servers connected to unmanagble switch and from that switch to connected to one of of the port eth0/0 and i taken output eth0/1 and i conncted to my pc through the firewall i want to access my servers

server ip address:129.9.15.4 and 129.9.15.5 gateway:129.9.1.1

this setup will work or not because iam accessing the firewall from outside.

plz any tips plz ,iam vrygreatfull to cisco fourms.

regards

srini

3 REPLIES
Cisco Employee

Re: reg:asa 5505 vlans

Srini,

Question for you.

Do you want to access the server through the firewall or do you want to access the server internally.

Also, I replied to one of your questions yesterday. Please look at the link given below.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc16e32/1

Thanks

Gilbert

New Member

Re: reg:asa 5505 vlans

Dear gilbert,

Iam vry thankfull to ur reply and i want to access these servers internally through the firewall so plz kindly tell me any other config for this.

Thanks&regards

srini

Cisco Employee

Re: reg:asa 5505 vlans

Srini,

So, if you want to access these server internally through the firewall, there are two options

Optiona !:

you can create three interface on the ASA.

Outside

Inside

& DMZ

Put the servers on the DMZ interface. So, you should have a different network on the DMZ than the inside interface.

Lets say your inside interface is 192.168.1.x then you might want to give the DMZ interface the address 192.168.3.x which is a different network than your inside network.

Also, when you create the interface, you might want to make the security level as lower than the inside interface.

After that, you would need to create static translations. Since you will be going from the inside interface (which is a higher interface) to a DMZ interface (which is a lower interface), you would just need only static translations. If the servers needs to access or initiate the connection to your inside network then you need to configure an ACL to allow access from the DMZ to the inside interface.

Option B:

You can put the servers and everything on the inside interface and access them from your PC through internal IP address of the servers.

Hope this explains. Let me know if you want to follow Option A or Option B and send me the current config of the ASA.

Thanks

Gilbert

114
Views
0
Helpful
3
Replies