PPPoE static IP Webserver in DMZ

Hello out there,

I have a problem with an ASA 5515 configuration. I have 2 internet connections (WAN static, WAN2 PPPoE with static IP). On the pppoe and the outside, I need a webserver in the DMZ. The configuration looks like this:

ASA Version 8.6(1)2

interface GigabitEthernet0/1

nameif outside

security-level 0

ip address 80.80.X.X 255.255.255.248

!

interface GigabitEthernet0/2

nameif pppoe

security-level 0

pppoe client vpdn group CSP

ip address pppoe setroute

!

route outside 0.0.0.0 0.0.0.0 80.80.X.X-1 1

nat (DMZ1,outside) source static DMZ1_16 EXT_80.80.X.X service tcp_http tcp_http

nat (DMZ1,pppoe) source static DMZ1_16 EXT_217.91.X.X service tcp_http tcp_http

This NAT rule is not accepted because of the public address assigned to the pppoe interface.

access-list outside_access_in extended permit tcp any object DMZ1_16 eq www

access-list pppoe_access_in extended permit tcp any object DMZ1_16 eq www

Access to the server from external 80.80.X.X is possible.

When I use the following NAT rule (instead of nat (DMZ1,pppoe)......)

nat (DMZ1,any) source static DMZ1_16 EXT_217.91.X.X service tcp_http tcp_http

I can access the webserver with the IP 217.91.X.X also from inside, but not from the internet (using a mobile phone).

I think the problem is the routing of the default gateway, but I have no idea how to get it to work. Normally it's OK connecting through IP 80.80.X.X, but we have old software which connects to the PPPoE IP address, and this cannot be replaced right now.

Regards
