I am trying to set up NAT translation on an ASA 5505, however the new public IP address never actually becomes available after adding it. I'm sure I'm doing something stupid, but so far the problem has eluded me. Basically, I'm trying to map XX.XX.115.195 => 192.168.125.7. XX.XX.115.194 is the public IP of the firewall, and it is accessible, but 115.195 never seems to get picked up. I inherited the original configuration, so it is possible that one of the other rules is preventing this from happening. I've included what I believe are the relevant sections below.
Below is the specific rule I added. I've confirmed I'm able to reach the 125.7 server from inside the firewall on the usual ports and protocols, but from the outside the public 115.195 does not respond to anything.
static (outside,inside) 192.168.125.7 XX.XX.115.195 netmask 255.255.255.255
ASA Version 7.2(4)
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.125.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address XX.XX.115.194 255.255.255.248
!
access-list outside-in extended permit tcp any host XX.XX.115.194 eq 44000
access-list outside-in extended permit tcp any host XX.XX.115.194 eq https
access-list outside-in extended permit tcp any host XX.XX.115.194 eq 4000
access-list inside_nat0_outbound extended permit ip any 192.168.125.192 255.255.255.192
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 44000 192.168.125.15 44000 netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.125.15 https netmask 255.255.255.255
static (inside,outside) tcp interface 4000 192.168.125.15 4000 netmask 255.255.255.255
static (outside,inside) 192.168.125.7 XX.XX.115.195 netmask 255.255.255.255
access-group outside-in in interface outside
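A consistency check for a configuration like the one above, as an added example that is not part of the original post. It relies on the pre-8.3 ASA syntax `static (real_ifc,mapped_ifc) mapped_ip real_ip` and reports static entries whose mapped address is private while the real address is public, and public addresses that have no `host` permit in the ACL bound inbound to the outside interface. The function names and the 198.51.100.x sample addresses are assumptions made for the example.

```python
import ipaddress
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rfc1918(addr):
    """True only for a literal RFC 1918 address (False for the keyword 'interface')."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def parse_static(line):
    """Pre-8.3 syntax: static (real_ifc,mapped_ifc) [tcp|udp] mapped [port] real [port] ..."""
    tok = line.split()
    real_if, mapped_if = tok[1].strip("()").split(",")
    mapped, real = (tok[3], tok[5]) if tok[2] in ("tcp", "udp") else (tok[2], tok[3])
    return real_if, mapped_if, mapped, real

def lint(config, outside="outside"):
    statics, acl_hosts, bound, findings = [], {}, None, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["static"]:
            statics.append(parse_static(line))
        elif tok[:1] == ["access-list"] and "permit" in tok and "host" in tok:
            # Only "host A.B.C.D" destinations are tracked; subnet entries are ignored.
            acl_hosts.setdefault(tok[1], set()).add(tok[tok.index("host") + 1])
        elif tok[:1] == ["access-group"] and tok[2:] == ["in", "interface", outside]:
            bound = tok[1]  # ACL applied inbound on the outside interface
    permitted = acl_hosts.get(bound, set())
    for real_if, mapped_if, mapped, real in statics:
        swapped = rfc1918(mapped) and not rfc1918(real)
        if swapped:
            findings.append(("swapped-addresses", real))
        public = real if swapped else mapped
        if public != "interface" and public not in permitted:
            findings.append(("no-acl-permit", public))
    return findings

# Constructed sample: lines from the post, with XX.XX replaced by the documentation prefix 198.51.
SAMPLE = """\
access-list outside-in extended permit tcp any host 198.51.100.194 eq https
static (inside,outside) tcp interface https 192.168.125.15 https netmask 255.255.255.255
static (outside,inside) 192.168.125.7 198.51.100.195 netmask 255.255.255.255
access-group outside-in in interface outside
"""

if __name__ == "__main__":
    print(lint(SAMPLE))
```

Entries that map to the keyword `interface` are skipped by the ACL check because the script does not resolve the interface address.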