Question

  • Creator
    Topic
  • #2149603

    help to configure Cisco ASA 5540

    Locked

    by punyarthisa ·

    Hello..

    I want to configure ASA so that the Intranet users on private IP class on outside interface should be able to access the web server on inside interface of ASA.

    I tried with giving access list and NATing in similar as i do for giving web server access on internet public ip on outside interface. But its not working with Intranet IPs.

    pls help to resolve this problem…..

All Answers

  • Author
    Replies
    • #2913290

      Clarifications

      by punyarthisa ·

      In reply to help to configure Cisco ASA 5540

      Clarifications

    • #2914225

      static nat

      by synner ·

      In reply to help to configure Cisco ASA 5540

      To allow access from the outside to an inside server, you need a static translation and ACLs.

      ex: web server: 192.168.1.32/24
      outside: 192.168.2.0/24

      static (inside,outside) 192.168.2.32 192.168.1.32 netmask 255.255.255.255

      access-list 100 permit any host 192.168.2.32 eq 80

      access-group 100 in int outside

      NOTE: I’m only doing this from memory (not connected to my pix at this time). Some of the commands may need other parameters. But the idea is to create a static translation, create an access-list to allow the desired traffic and apply that access-list to the correct interface.

      The above example defines the inside webserver at 192.168.1.32 to appear on the oustide as 192.168.2.32. Access is given to the global address (not the private inside address). The ACL is applied to the inbound outside interface.

Viewing 1 reply thread