Configure another public IP address and DMZ configuration

    Here is my network diagram and my questions:
    Router 2821 G0/0 port connected to F0/0 of Firewall ASA 5510 (outside network), configured with a static public IP address (209.x.x.10)
    Firewall F0/2 (DMZ) connected to Switch 3560 - 172.16.3.254
    Switch 3560 is configured to hold several VLANs.

    I have already connected my web server to the switch and connected it to the right VLAN. I know that because I can ping from the ASA firewall (DMZ interface) to the web server (172.16.2.10).

    My ISP provided me with many public IP addresses, and I want to use another IP address (209.x.x.11) and configure it on the firewall, so when people (outside) type this IP address into their IE, it will be forwarded to the DMZ web server.


    Also, below is part of my ASA config:


    Running-Config:
    access-list inbound extended permit tcp any host 209.x.x.9 eq www
    access-list inbound extended permit tcp any host 209.x.x.9 eq smtp
    access-list inbound extended permit tcp any host 209.x.x.9 eq https
    access-list inbound extended permit icmp any host 209.x.x.10 echo-reply
    access-list DMZIN extended permit tcp host 172.16.3.3 host 172.16.1.4 eq smtp
    access-list DMZIN extended permit tcp host 172.16.3.3 host 172.16.1.2 eq ldap
    access-list DMZIN extended permit udp host 172.16.3.3 any eq domain
    access-list DMZIN extended permit icmp host 172.16.3.3 any
    access-list DMZIN extended permit udp host 172.16.3.3 any eq ntp
    access-list DMZIN extended permit tcp host 172.16.3.3 any eq www
    access-list DMZIN extended permit tcp host 172.16.3.3 any eq 8000
    access-list DMZIN extended permit udp any host 172.16.1.2 eq ntp
    access-list DMZIN extended permit udp any host 172.16.65.2 eq ntp
    access-list inside_nat0_outbound extended permit ip 172.16.2.0 255.255.255.0 192.168.99.0 255.255.255.240
    access-list inside_nat0_outbound extended permit ip 172.16.65.0 255.255.255.0 192.168.99.0 255.255.255.240
    access-list inside_nat0_outbound extended permit ip any 192.168.99.0 255.255.255.240
    access-list marketingin extended deny tcp any any eq telnet
    access-list marketingin extended deny tcp any any eq ssh
    access-list marketingin extended deny tcp any any eq 3389
    access-list marketingin extended permit icmp any any
    access-list marketingin extended permit icmp any any echo
    access-list marketingin extended permit icmp any any echo-reply
    access-list marketingin extended permit ip 192.168.49.0 255.255.255.0 any
    access-list marketingin extended permit udp any host 172.16.1.2 eq ntp
    access-list marketingin extended permit udp any host 172.16.65.2 eq ntp
    access-list usersin extended deny tcp any any eq telnet
    access-list usersin extended deny tcp any any eq ssh
    access-list usersin extended permit udp 192.168.10.0 255.255.255.0 host 172.16.65.2 eq bootps
    access-list usersin extended deny ip 192.168.10.0 255.255.255.0 172.16.0.0 255.255.0.0
    access-list usersin extended permit ip 192.168.10.0 255.255.255.0 any
    access-list usersin extended permit udp any host 172.16.65.2 eq ntp
    access-list usersin extended permit udp any host 172.16.1.2 eq ntp
    global (outside) 1 interface
    global (outside) 2 209.x.x.9 netmask 255.255.255.255
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 2 172.16.1.4 255.255.255.255
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (DMZ) 1 172.16.3.3 255.255.255.255
    static (DMZ,outside) tcp 209.x.x.9 smtp 172.16.3.3 smtp netmask 255.255.255.255
    static (inside,outside) tcp 209.x.x.9 https 172.16.1.4 https netmask 255.255.255.255
    static (inside,outside) tcp 209.x.x.9 www 172.16.1.4 www netmask 255.255.255.255
    static (inside,DMZ) 172.16.1.4 172.16.1.4 netmask 255.255.255.255
    static (DMZ,inside) 172.16.3.3 172.16.3.3 netmask 255.255.255.255
    static (inside,DMZ) 172.16.2.0 172.16.2.0 netmask 255.255.255.0
    static (inside,DMZ) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
    access-group inbound in interface outside
    access-group DMZIN in interface DMZ
    access-group usersin in interface telecom
    access-group marketingin in interface Employees
    access-group sales in interface sales


    ----------------

    Hope someone can provide the right code for that?

    Thanks
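As an added example (not the poster's config and not a reply from the thread), here are the pre-8.3 ASA statements that would publish the DMZ web server on the second public IP, limited to HTTP, followed by the commands to verify the translation. It assumes that 172.16.2.10 really sits behind the DMZ interface and that the ISP router delivers 209.x.x.11 to the ASA outside interface; note that the posted `static (inside,DMZ) 172.16.2.0 172.16.2.0` line suggests that subnet may instead live on the inside, in which case the static would be `(inside,outside)`.

```cisco
! Added example, not from the original post: publish the DMZ web server
! on a second public IP using the pre-8.3 NAT syntax the posted config uses.
! Assumption: 172.16.2.10 is reached through the DMZ interface (its default
! gateway is the ASA DMZ address 172.16.3.254) and router 2821 forwards
! 209.x.x.11 toward the ASA outside interface, which proxy-ARPs for it.
!
! Port-level static NAT: only TCP/80 on 209.x.x.11 maps to the server,
! instead of a one-to-one static that would expose every port.
static (DMZ,outside) tcp 209.x.x.11 www 172.16.2.10 www netmask 255.255.255.255
!
! Permit only HTTP to the new public address; "inbound" is already bound to
! the outside interface by "access-group inbound in interface outside".
access-list inbound extended permit tcp any host 209.x.x.11 eq www
!
! Nothing is added to DMZIN: replies ride the existing connection state,
! and the web server gains no new outbound rights toward inside networks.
!
! Verification: confirm the translation and trace an outside HTTP request.
! (198.51.100.7 is a constructed test source address.)
show xlate | include 209.x.x.11
packet-tracer input outside tcp 198.51.100.7 40000 209.x.x.11 80
```

If HTTPS must also be published, repeat the static and access-list lines with `https` in place of `www` rather than widening the static to all ports.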