ASA5505 inside loop back to inside based on outside address?
13 years 6 months ago #36883
by Daemonic
Hiya,
Further to my other post, I have re-jigged the topology as follows:
[code:1]
NET <--> RTR <--> ASA5505 <--+--> WEBSERVER
                             +--> INSIDE
RTR = 192.168.1.1/24
ASA5505 = 192.168.1.100/24, 10.0.0.1/24
WEBSERVER = 10.0.0.5/24
INSIDE = 10.0.0.6/24[/code:1]
My config is now as follows:
Interfaces:
[code:1]
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.1.100 255.255.255.0[/code:1]
ACL/PAT/ROUTE:
[code:1]
access-list outside_access_in extended permit tcp any host 192.168.1.100 eq www
access-list outside_access_in extended permit tcp any host 192.168.1.100 eq https
access-list outside_access_in extended permit tcp any host 192.168.1.100 eq ssh
access-list outside_access_in extended permit icmp any any echo-reply
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 10.0.0.5 www netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
[/code:1]
I can do the following:
- INSIDE can access the internet - good
- INSIDE can access WEBSERVER using 10.0.0.5 - good
- WEB can access WEBSERVER using 192.168.1.100 - good
Is this possible? If so, could anyone point me in the right direction, as everything I've tried so far has failed.