To host a web server behind a firewall which is behind a router
Dear All,
I am now trying to find a solution for this network structure
Aim: To host a webserver
Products used : HP Blade Server, Cisco 2960 Switch, Cisco ASA Firewall 5500, Cisco Router 1900
Connectivity : Static ip with Leased line from one ISP (8 IP's with 6 usable)
Setup: Server -->Switch-->Firewall-->Router-->ISP-----------ISP-->Router-->User
Server : 192.168.20.10/24
Switch : 192.168.20.2/24
Firewall : 192.168.10.2/24 (router end) and 192.168.20.1/24(switch end)
Router : 192.168.10.1/24 (firewall end) and 11.11.11.12(serial) (WAN IP)
Default gateway for Router : 11.11.11.11 (Wan ip gateway)
Usable public LAN ip : 20.12.1.1-20.12.1.8
I would like to host the server using one of the public LAN IPs, NATed to the server.
If anyone knows how to configure this, kindly give your suggestions and configuration details.
I have only one week to do this.
Kindly assist me
Thanks and regards
Balamurugan
Similar Messages
-
Setting apache as a front end host-proxy web server for weblogic 10.3.3
Hi ,
I have installed Apache 2.2.21 in a Red Hat Linux 6 environment. Now I am trying to set that Apache web server as a front-end host/proxy web server for my WebLogic 10.3 application server cluster. My Apache is listening on port 8080.
What changes do I have to make in the admin console of my server as well as in the httpd.conf file of Apache?
Can anyone guide me on how to proceed?
Any help is highly appreciated.
Thanks Ravi,
I have already gone through http://docs.oracle.com/cd/E12840_01/wls/docs103/plugins/apache.html.
In my case "mod_wl_22.so" was not available, but I downloaded the p10051826_1033_Generic.zip file, from which I got that file and made it available in the modules directory, changed the file permissions (using chmod 755 mod_wl_22.so) and also changed the httpd.conf file as below:
LoadModule weblogic_module modules/mod_wl_22.so
<IfModule mod_weblogic.c>
WebLogicCluster wlserv1:7001,wlserv2.com:7001
MatchExpression *.jsp
</IfModule>
By using the /bin/ls command I checked the following:
/bin/ls: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
Using file mod_wl_22.so I checked the following:
mod_wl_22.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, not stripped
My problem is that when I used ./apachectl -t I got the following error:
httpd: Syntax error on line 112 of /u40/app/apache/conf/httpd.conf:
Cannot load /u40/app/apache/modules/mod_wl_22.so into server: libstdc++.so.5:
cannot open shared object file: No such file or directory
So can you please guide me on where my problem is and how to rectify it? It's urgent. Please help me.
Thanks
Jyoti Ranjan -
Connection from the web server to the database which is situated in another machine.
Thanks for the reply.
I need to know whether there should be a physical connection between the web server and database machine, or can we connect to the database machine through the web if the database machine has a domain name? If there is a physical connection, we can use the JDBC/ODBC connection, but if we are connecting through the web, how can I establish the connection using a JDBC/ODBC connection?
Regards,
George
As long as there's a network connection between the two machines, you should be able to make the connection. I'm not sure what the difference between a 'direct connection' and a 'connection through the web' is-- are you actually running a network cable from one machine to another?
When you cannot make the connection, are you able to do a 'tnsping' on the target database?
When you say 'connecting through the web', is it possible that you're going through a firewall? If so, the firewall may be blocking the ports you need to communicate on.
Justin Cave
ODBC Development -
Dear friends, I am facing an issue in hosting my server publicly from the ASA
I have already assigned a public IP address to the outside interface of the ASA. My requirement is to configure the firewall to host my web server publicly using a public IP that is not assigned to the outside interface but is in a different subnet. I have made every configuration, but I can't ping or connect to my web server. I can ping the web server from my ASA, but from outside I cannot reach my web server. Could anyone help me with this, because I am facing a problem?
Below is the configuration of the firewall
server ip add 10.10.10.4(local,reachable)
public ip add-78.72.232.66(default gateway)
sho run configuration of the firewall
ASA Version 8.2(5)
hostname TAD-FW
domain-name tadrees.com
enable password lpW.MGeEHg0ISQZq encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
description Connected to TAD-Router G0/1
nameif outside
security-level 0
ip address 78.72.29.174 255.255.255.252
interface Ethernet0/1
description Connected to Cisco SMB Switch G1
nameif inside
security-level 100
ip address 10.15.1.1 255.255.255.248
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
no ip address
management-only
banner login ******** TADREES FIREWALL ********
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 84.22.224.11
name-server 84.22.224.12
domain-name tadrees.com
access-list split-tunnel standard permit 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list nonat extended permit ip 10.10.0.0 255.255.0.0 10.1.1.0 255.255.255.0
access-list Mename-Access extended permit tcp any host78.72.232.66 eq https
access-list Mename-Access extended permit tcp any host 78.72.232.66 eq www
pager lines 24
logging enable
logging buffered debugging
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool sslvpnpool 10.1.1.1-10.1.1.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-702.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 78.722..232.66 www 10.10.10.4 www netmask 255.255.255.255
access-group Mename-Access in interface outside
router rip
network 10.0.0.0
version 2
route outside 0.0.0.0 0.0.0.0 78.72.29.173 1
route inside 10.10.10.4 255.255.255.255 10.15.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TAD-AD protocol nt
aaa-server TAD-AD (inside) host 10.10.10.1
aaa authentication ssh console LOCAL
http server enable 444
http 192.168.1.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 2
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 20
console timeout 0
management-access inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
no anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
svc enable
tunnel-group-list enable
internal-password enable
group-policy sslvpn internal
group-policy sslvpn attributes
wins-server none
dns-server none
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-tunnel
default-domain value tadrees.com
group-policy DfltGrpPolicy attributes
webvpn
svc ask enable default webvpn timeout 30
username asad password GxozRbsh8Rp9vCkf encrypted privilege 15
username cisco password HWFflA1bzYiq7Uut encrypted privilege 15
username naveed password d8KsovrcdE3to7qt encrypted privilege 15
tunnel-group TAD-SSLV type remote-access
tunnel-group TAD-SSLV general-attributes
address-pool sslvpnpool
authentication-server-group TAD-AD LOCAL
default-group-policy sslvpn
tunnel-group TAD-SSLV webvpn-attributes
group-alias ssl enable
group-url https://78.93.29.174/ssl enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect http
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:cec976b762f5e1d9d9856eeb4dea4019
: end
Solution, give me your number so we can talk about or setup captures on the ASA to confirm that traffic from the Internet is being routed correctly to the ASA and also review logs.
capture out interface outside match ip any host 78.93.232.66
capture in interface inside match ip any host 10.10.10.4
After you try to access the server via the public IP from an Internet client check the captures:
show capture
If you see packets in the capture, download them:
https://10.15.1.1/capture/in/pcap
https://10.15.1.1/capture/out/pcap
It will ask you for your credentials to be able to download the file.
Check logs via ASDM:
Log into ASDM > Monitoring > logging > Real Time log viewer
Type in the external IP address of the server and run another test, if you see logs post them -
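Added example (not part of the original thread and not a Cisco tool): a small Python check that cross-references the posted ASA 8.2 lines, where the outside ACL has to name the same mapped address and port as a static rule. The finding names and the checks are this example's own; the config lines are copied from the post with its typos preserved, and 10.15.1.2 in the corrected variant is a constructed next hop.

```python
import ipaddress

# Lines copied from the configuration posted above, typos preserved as posted.
POSTED = """\
interface Ethernet0/0
nameif outside
ip address 78.72.29.174 255.255.255.252
interface Ethernet0/1
nameif inside
ip address 10.15.1.1 255.255.255.248
access-list Mename-Access extended permit tcp any host78.72.232.66 eq https
access-list Mename-Access extended permit tcp any host 78.72.232.66 eq www
static (inside,outside) tcp 78.722..232.66 www 10.10.10.4 www netmask 255.255.255.255
access-group Mename-Access in interface outside
route outside 0.0.0.0 0.0.0.0 78.72.29.173 1
route inside 10.10.10.4 255.255.255.255 10.15.1.1 1
"""

# Constructed variant: typos repaired, inside route given a separate next hop
# (10.15.1.2 is an assumption made for this example, it is not on the page).
CORRECTED = (POSTED.replace("host78.", "host 78.")
                   .replace("78.722..232.66", "78.72.232.66")
                   .replace("255.255.255.255 10.15.1.1 1",
                            "255.255.255.255 10.15.1.2 1"))


def parse_ip(token):
    """Return an IPv4Address, or None when the token is not a valid address."""
    try:
        return ipaddress.IPv4Address(token)
    except ValueError:
        return None


def audit(config):
    """Return (finding, config line) pairs for a pre-8.3 style ASA config."""
    findings, routes, acl_targets = [], [], []
    iface_ips, statics = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["ip", "address"] and len(tok) >= 3:
            ip = parse_ip(tok[2])
            if ip:
                iface_ips.add(ip)
        elif tok[0] == "access-list" and tok[2:6] == ["extended", "permit", "tcp", "any"]:
            # Only the "any host <ip> eq <port>" shape used in the post is handled.
            ok = len(tok) >= 10 and tok[6] == "host" and tok[8] == "eq"
            if ok and parse_ip(tok[7]):
                acl_targets.append((parse_ip(tok[7]), tok[9], line))
            else:
                findings.append(("BAD_ACL_DEST", line))
        elif tok[0] == "static" and len(tok) >= 7 and tok[2] == "tcp":
            # static (real_if,mapped_if) tcp <mapped ip> <port> <real ip> <port>
            mapped, real = parse_ip(tok[3]), parse_ip(tok[5])
            if mapped and real:
                statics.add((mapped, tok[4]))
            else:
                findings.append(("BAD_STATIC_IP", line))
        elif tok[0] == "route" and len(tok) >= 5:
            routes.append((parse_ip(tok[4]), line))
    for gateway, line in routes:
        # The next hop is one of the firewall's own addresses, so the route
        # names no downstream router for that destination.
        if gateway in iface_ips:
            findings.append(("ROUTE_NEXT_HOP_IS_SELF", line))
    for ip, port, line in acl_targets:
        # The ACL opens a mapped address/port that no valid static publishes.
        if (ip, port) not in statics:
            findings.append(("ACL_WITHOUT_STATIC", line))
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label)
        for code, line in audit(cfg):
            print(f"  {code}: {line}")
```

Running the same check again after every change to the static or the ACL, and before taking the captures suggested above, keeps typing mistakes out of the list of things the captures have to explain.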
Issues with accessing forms applications behind a firewall & caching proxy
We have web enabled an forms application and has the following set-up at server end.
Machine no 1. Oracle Forms Server 6i with patch level 1 listening on HTTP/Port 80 on a windows NT box.
Machine no 2. Apache Webserver. listening on HTTP/Port 80
Both the machines are behind a firewall which allows only HTTP on port 80.
At clients end we have
1. a firewall which allows only HTTP on port 80.
2. a caching proxy server
The client machine connects through the caching proxy server.
When the client connects the applet gets downloaded and initialised, the form server log shows the following
-Forms Server Log-----
[09/27/00 15:01:09 India Standard Time]::LISTN: Connection Request [ConnId=13, Addr=194.120.163.251:16278]
[09/27/00 15:01:09 India Standard Time]::RUNFORM Client Connected [ConnId=13, PID=188]
at the same time at the client side we get a FRM-92050 error: Failed to connect to server fs.formserver.com:80
Please help
Thanks
Thanks Henrique.
This is not very promising but it confirms there is a potential issue
How did you manage to solve the problem, allowing the NW server/application to perform direct accesses?
Adalbert -
Can anyone help me know the difference b/w application and web server?
i tried reading about application and web servers. it appears to me to be the same. please do help me to differentiate. Thanks :-)
An application server hosts business logic components for an application. A web server is an application which accepts HTTP requests.
An application server may come packaged with a web server.
A web server is a very simple process. It's an HTTP daemon process that listens for incoming requests over the HTTP protocol on a specified port, usually 80. For simple, static web pages the web server has the built-in logic to serve them, but for a complex operation (say, read from a database and display some records), it routes the URL to a component like the servlet engine....
An application server is a much broader term. For example the servlet may need to invoke certain business logic components like beans or activex dlls. The server that hosts these components is the application server.
Hope you are clear now. -
USB Pass-Through From Windows 8.1 Host To Windows Server 2012 R2 VM
I want to be able to connect with a Windows Mobile Device through Windows Mobile Device Center, within a Virtual Machine. When connecting through the Hyper-V Manager and through Remote Desktop, under "Other supported RemoteFX USB devices",
I can see the Symbol USB Sync Cradle. In the VM, in Device Manager, I don't see a USB connection. In the VM, I don't see any meaningful errors in the Event Viewer.
Host: Windows 8.1 Enterprise Hyper-V on a Domain. Upgraded from Windows 8.1 Pro. When this computer was originally installed with Windows 8 Pro, Hyper-V was enabled. I removed Hyper-V, and installed VMWare Player, because I wanted
USB Pass-through. I then uninstalled VMWare and installed VirtualBox. Recently, I uninstalled VirtualBox, upgraded to Windows 8.1 Enterprise, and enabled Hyper-V.
Virtual Machine OS: Windows Server 2012 R2 on a Workgroup. Started out with being a VMWare VM, using VMWare Player. Moved to VirtualBox. USB Pass-through was working in both those virtual environments. Used Disk2VHD to convert the
VM to a VHDX file.
On the Host:
Windows Mobile Device Center is connected to a Motorola Windows Mobile Device (MC959X) sitting in a Symbol USB Cradle. The OS on the scanner is Windows Embedded Handheld 6.5 Classic CE OS 5.2.29217 (Build 29217.5.3.12.26). Advanced Networking
(USB to PC) is not enabled.
Enabled RemoteFX.
In the RDP file, and in the Registry, added the GUID's for:
WPD "{eec5ad98-8080-425f-922a-dabf3de3f69a}";
Windows Mobile "{6AC27878-A6FA-4155-BA85-F98F491D4F33}";
USB Device "{88BAE032-5A81-49f0-BC3D-A4FF138216D6}";
Windows CE USB Device "{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}";
GUID_DEVINTERFACE_USB_DEVICE "{A5DCBF10-6530-11D2-901F-00C04FB951ED}"
Ran "sfc /scannow"
All Microsoft Updates are current.
What am I missing?
I hope it's something like that. Those features have been installed. Here's what PowerShell shows is installed:
PS C:\Windows\system32> Get-WindowsFeature |Where {$_.Installed -eq "True"} | ft DisplayName, Installed
DisplayName                                      Installed
File and Storage Services                        True
File and iSCSI Services                          True
File Server                                      True
Storage Services                                 True
Remote Desktop Services                          True
Remote Desktop Licensing                         True
Remote Desktop Session Host                      True
Web Server (IIS)                                 True
Web Server                                       True
Common HTTP Features                             True
Default Document                                 True
Directory Browsing                               True
HTTP Errors                                      True
Static Content                                   True
HTTP Redirection                                 True
Health and Diagnostics                           True
HTTP Logging                                     True
Performance                                      True
Static Content Compression                       True
Security                                         True
Request Filtering                                True
Windows Authentication                           True
Application Development                          True
.NET Extensibility 3.5                           True
.NET Extensibility 4.5                           True
ASP.NET 3.5                                      True
ASP.NET 4.5                                      True
ISAPI Extensions                                 True
ISAPI Filters                                    True
Management Tools                                 True
IIS Management Console                           True
.NET Framework 3.5 Features                      True
.NET Framework 3.5 (includes .NET 2.0 and 3.0)   True
.NET Framework 4.5 Features                      True
.NET Framework 4.5                               True
ASP.NET 4.5                                      True
WCF Services                                     True
TCP Port Sharing                                 True
Ink and Handwriting Services                     True
Media Foundation                                 True
Remote Server Administration Tools               True
Role Administration Tools                        True
Remote Desktop Services Tools                    True
Remote Desktop Licensing Diagnoser Tools         True
Remote Desktop Licensing Tools                   True
SMB 1.0/CIFS File Sharing Support                True
User Interfaces and Infrastructure               True
Graphical Management Tools and Infrastructure    True
Desktop Experience                               True
Server Graphical Shell                           True
Windows PowerShell                               True
Windows PowerShell 4.0                           True
Windows PowerShell 2.0 Engine                    True
Windows PowerShell ISE                           True
WoW64 Support                                    True
-
Add Web content into ISE Web Server?
Hello,
We use Cisco ISE 1.2.0.899 on our network.
We would like to add a Web based documentation about Guest Portal ("how to find MAC Address", "how to release/renew IP Address"...) on our network to help users.
Idealy we would like to host these data on the Web server integrated to ISE (which already hosts Guest/Sponsor Portals).
Does ISE allow that?
Unregistered users (or not already profiled devices) are automatically redirected to the Guest Portal, but we would like they're able to access to this documentation (hosted on ISE Web Server or another Web Server).
How can we set that? By not using port 80 to access to this documentation?
Which elements does ISE identify to redirect browsers to the Guest Portal? Is it port 80, http protocol or other?
Regards,
Chris
Thanks Marvin.
I've checked this guide, I may have misunderstood, but I've seen how to customize built-in content only, and not how to add our own content.
We've created our own documentation (html files), and we would like that our users can access to it when they are using the Guest Portal.
We thought add the documentation URL on the "Guest Portal Login", to open it in a pop-up or new window.
Can we host these documentation files on ISE Web Server (apache)?
Or do we have to host them on a separate server?
Because unregistered users/devices are automatically redirected to the Guest Portal, we would like to know how to allow users to access to this online documentation without the documentation pages are also redirected to the Guest Portal?
Thanks for your help,
Chris -
Virtual hosting on leopard server
Hello,
I have a leopard server on which I want to have two sites served from the same ip address port combination.
I am using the Server Admin tool bundled with OSX server to configure Apache.
I have created two sites in Sites tab. One has the name "mydomain.org" and the other has the name "machinename".
They are both configured to serve from the same local IP address.
The name "mydomain.org" is served by DNS and the name "machinename" is configured on the client's /etc/hosts file.
From what I know of virtual hosting, the web server receives a http header called 'Host' with the host name that was used on the browser, to select the files to serve. I have sniffed the http network packets from my client machine to the web server and seen this header set correctly to the hostname used on the browser.
The problem is that just one site is being served to both names. I want to select the site according to name.
What can I be doing wrong?
Done it the hard way.
StuG -
Mobile Web Server installation failure
Hi Forum,
I have used the server on my phone previously. It worked well.
Now after updating my phone, I cannot even install the application. It runs through the installation and then starts "installing web server", halfway through which it fails!
Despite installation failure it features in my App Manager but not in 'My Own' folder. I uninstall it and reinstall to no avail.
I am a Nokia N93 user.
Would greatly appreciate assistance as I want to demo the software for my class.
Best,
wirefree
I had exactly the same problem ("Installation failed" at install time) but finally got it running.
My steps:
0. I removed the unfinished installation of the MWS.
1. I manually installed the Open-C libs (only glib.sis, pips_nokia_1_3_SS.sis and ssl.sis) from the SDK here: http://www.forum.nokia.com/main/resources/technologies/openc_cpp/
2. Then I manually installed python (PythonScriptShell_1_4_4_3rdEd.sis) from here: http://sourceforge.net/project/showfiles.php?group_id=154155&package_id=171153&release_id=609802
3. Finally I reinstalled the mobile web server (v1.4 beta) . No error message anymore. Everything works like a charm now. Hope this helps. :-)
Kind regards,
Florian -
NAT/PAT Setup with internal web server.
Environment:
Web Server inside and 10 internal workstations.
One external public IP address.
Cisco Router 806 with HTTP server enable.
Conditions:
External users have to be able to access the web server.
The internal users have to be able to access the web server via the "EXTERNAL" IP address. Since they are using an external DNS.
Scenario:
The internal workstation request from external DNS address for the web server.
DNS replies with external IP address.
Workstation attempts to connect to web server via external IP address.
Connection fails at the router showing the router's HTTP logon page.
We are trying to implement NAT/PAT inside, with static assignment to port 80 to the internal web server.
Thanks, Pat Askins.
You need to use cisco NAT virtual interface,
Example:
your internal network web server ip 192.168.1.10/24 Fa0 router Fa1 Public Ip address 1.1.1.1
here is what you need to configure in NAT router to resolve your issue:
int fa0
ip nat enable
no ip redirects
int fa 1
ip nat enable
no ip redirects
ip nat source static tcp 192.168.1.10 80 1.1.1.1 80 overload
ip nat source list 1 interface fa0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
now you can try access to your 1.1.1.1:80 from inside network. -
Hello,
I have an application made in LabVIEW 7.1 that should be remotely controlled. It must also be protected with user names and passwords. For that I used the G web server from Internet Toolkit ver. 6.0. I followed the instructions for password protecting the web pages, so the G web server is sharing the same port as the LabVIEW web server, and when I run the VI from the LabVIEW environment it works fine. But when I build the application, the G web server returns error 60, the port is already used by another application, that application being the LabVIEW web server from the app. How can I get around this?
Can't you use the G Web Server to both give you remote control and security? I've linked a thorough discussion of using the HTTP Web Server with an executable, which also has links to some additional information on this topic. The discussion even specifically mentions not being able to use both servers on the same port, so you should really switch entirely to the HTTP web server to get both remote control and security. If you can't get things working, feel free to post a small example that illustrates your dilemma.
Kind Regards,
Message Edited by AESulzer on 11-14-2005 02:54 PM
E. Sulzer
Applications Engineer
National Instruments -
Installing Iplanet web server and directory server behind a firewall
When installing iplanet web server and directory server behind a firewall - should the interal ip address be used or the external ip address?
Hello,
When you are installing iplanet web server behind a firewall,you should use the internal ip address in the firewall.
1. The external ip address connection to the Internet. The type of IP address used, dynamic (commonly used for standard modems) or static (commonly used for cable modems), is dictated by the ISP to which you connect and the type of service it provides.
2. The internal ip address connection. This connection must be a static IP assignment, and it must be assigned by you.
Obviously it depends on the type of firewall setup you have.
Thanks
Selva -
Web server and Exchange behind an ADSL router
Hi all:
I finally was able to go through the basic configuration of my new Cisco ASA 5515-X (I'm completely new to Cisco devices).
I also managed to create VPN's to my two Amazon VPC sites. This was particularly hard because my ADSL Router which this Cisco firewall is behind was making trouble.
Finally, all I had to do is reboot the ADSL Router and it all started working, but I had a hard time to find out the source of the problem (the guys at Amazon did the job, to be honest)
Now I face the next step, opening my web server and exchange server to the world. How is this done? Do I need to do something special because of the ADSL router?
Thank you.
On the ASA you'd do this with an ACL
object-group service EXCHANGE_SERVICES tcp
 port-object eq www
 port-object eq imap
...etc etc
access-list outside_in extended permit tcp any host 192.168.203.24 eq www
access-list outside_in extended permit tcp any host 192.168.203.11 object-group EXCHANGE_SERVICES
access-group outside_in in interface outside
You'd also have to allow access in from your ADSL router. -
Access websites hosted on local web server
Hi there,
I have a Cisco ASA 5505 in my home office which has a few PCs behind it with a linux web server running some websites. I can access the websites from outside no problem (i.e. on my iPhone using a 3G connection). However, I struggle to access the websites from within the network. The ASA gives me this error:
6 May 05 2013 11:52:27 192.168.55.61 50420 Failed to locate egress interface for TCP from inside:192.168.55.61/50420 to 86.*.*.*/80
ASA runs version 9. Here is the config bit:
object network denon-server
host 192.168.55.200
access-list outside_access_in extended permit tcp any object denon-server eq www
object network denon-server
nat (any,outside) static interface service tcp www www
Any suggestions?
Hi,
I assume that you are trying to reach the LAN server with the public IP address that the ASA holds and also uses for the above Port Forward / Static PAT configuration?
If this is the situation then I am afraid that with the current configuration that is not possible. The NAT configuration towards Internet is done between probably "inside" and "outside". So "outside" interface holds the public IP address. ASA doesn't let you connect to that "outside" IP address from behind the "inside" IP address. (Or any other interface for that matter)
What you could try to do is configure a NAT that would enable you to use the public IP address of the server even when connecting from the "inside" of ASA.
Try this
object network SERVER-LOCAL
host 192.168.55.200
object network SERVER-PUBLIC
host 86.x.x.x
object network LAN
subnet 192.168.55.0 255.255.255.0
nat (inside,inside) source dynamic LAN interface destination static SERVER-PUBLIC SERVER-LOCAL
Where
SERVER-LOCAL = Is the "object" that defines the real IP address of the server
SERVER-PUBLIC = Is the "object" that defines the public IP address of the server (that ASA holds on its "outside")
LAN = Is the "object" that defines the subnet from where LAN users connect to the server public IP address
Check that the network mask is correct for the LAN and fill in the public IP address.
The actual NAT configuration tells the ASA this
When a connection from LAN is coming towards SERVER-PUBLIC then UN-NAT SERVER-PUBLIC to SERVER-LOCAL and NAT LAN to "inside" interface IP address (as defined by the parameter "interface" in the configuration)
This should enable the LAN hosts to use the public IP address to connect to the server. The server though will see the connections coming from the ASA "inside" interface IP address.
Hope this helps
Please remember to mark a correct reply as the correct answer if it did answer. And/or rate helpful answers
Ask more if needed.
- Jouni
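Added example (not part of the original thread): a minimal Python model of the (inside,inside) rule described in the reply above, which goes one step beyond the reply by showing what happens when only the destination is translated. The NAT virtual interface reply earlier on the page configures the same source-plus-destination rewrite on IOS. 203.0.113.10 is a constructed stand-in for the masked 86.x.x.x address, and 192.168.55.1 is an assumed inside-interface address; neither value is on the page.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

CLIENT = "192.168.55.61"         # LAN host from the log line in the question
SERVER_LOCAL = "192.168.55.200"  # real server address from the posted config
SERVER_PUBLIC = "203.0.113.10"   # constructed stand-in for the masked 86.x.x.x
FW_INSIDE = "192.168.55.1"       # assumed firewall inside-interface address


class Firewall:
    """Minimal model of the twice-NAT rule; not a model of a real ASA."""

    def __init__(self, translate_source):
        self.translate_source = translate_source
        self.xlate = {}          # PAT port on FW_INSIDE -> original (ip, port)
        self.next_port = 40000

    def client_to_server(self, pkt):
        """UN-NAT the destination and, optionally, PAT the source."""
        if pkt.dst != SERVER_PUBLIC:
            return pkt
        src, sport = pkt.src, pkt.sport
        if self.translate_source:
            sport = self.next_port
            self.next_port += 1
            self.xlate[sport] = (pkt.src, pkt.sport)
            src = FW_INSIDE
        return Packet(src, sport, SERVER_LOCAL, pkt.dport)

    def server_to_client(self, pkt):
        """Undo both translations for a reply that reaches the firewall."""
        original = self.xlate.get(pkt.dport)
        if pkt.dst != FW_INSIDE or original is None:
            return None          # no matching translation: dropped
        return Packet(SERVER_PUBLIC, pkt.sport, original[0], original[1])


def hairpin(translate_source):
    """Follow one request and its reply; return what each end sees."""
    fw = Firewall(translate_source)
    request = Packet(CLIENT, 50420, SERVER_PUBLIC, 80)
    seen_by_server = fw.client_to_server(request)
    # The server answers whichever source address it saw.
    reply = Packet(seen_by_server.dst, seen_by_server.dport,
                   seen_by_server.src, seen_by_server.sport)
    if reply.dst == FW_INSIDE:
        delivered = fw.server_to_client(reply)
    else:
        # Client and server share a subnet, so the reply goes straight to the
        # client and never passes the firewall to be translated back.
        delivered = reply
    accepted = delivered is not None and tuple(delivered) == (
        request.dst, request.dport, request.src, request.sport)
    return seen_by_server, delivered, accepted


if __name__ == "__main__":
    for mode in (True, False):
        seen, delivered, ok = hairpin(mode)
        print(f"translate_source={mode}: server sees {seen.src}, "
              f"client gets reply from {delivered.src}, accepted={ok}")
```

With source translation the server logs the firewall's inside address instead of the real client, so per-client attribution for these internal connections has to come from the firewall's translation logs rather than the web server's access log.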