How to enable inside hosts to access Public IPs on Firewall itself

Discussion in 'Cisco' started by UBEST, Jul 25, 2007.

  1. UBEST

    UBEST Guest

    Hello,


    Does anyone know which commands allow insider (NATed host to access
    Public IPs on frewall public IP block?

    let me say, I have class C 209.36.9.X network for ASA 5520 public IPs

    I have static one to one NAT for insider host (10.10.10.X)

    I would like insider host, say 10.10.10.15 (Nated Public IP
    209.36.9.15) to access http://209.36.9.20 (10.10.10.20).

    thanks,

    Cisco ASA 5520 IOS 7.22
    UBEST, Jul 25, 2007
    #1
    1. Advertising

  2. UBEST

    CK Guest

    I think it should work ..
    Thr are 2 ways for this

    1 Way:
    To apply access-list for access from outside to inside interface for
    209.36.9.20

    2 Way:
    Destination Static route for 209.36.9.20




    On Jul 25, 7:58 am, UBEST <> wrote:
    > Hello,
    >
    > Does anyone know which commands allow insider (NATed host to access
    > Public IPs on frewall public IP block?
    >
    > let me say, I have class C 209.36.9.X network for ASA 5520 public IPs
    >
    > I have static one to one NAT for insider host (10.10.10.X)
    >
    > I would like insider host, say 10.10.10.15 (Nated Public IP
    > 209.36.9.15) to accesshttp://209.36.9.20(10.10.10.20).
    >
    > thanks,
    >
    > Cisco ASA 5520 IOS 7.22
    CK, Jul 25, 2007
    #2
    1. Advertising

  3. If you want to allow HTTP access to the PIX firewall, you just enable a IP
    address or range. For example, "http 10.10.10.15 255.255.255.255 inside" or
    "ip http 10.10.10.0 255.255.255.0 inside".

    Good luck,

    Mike
    CCNP, CCDP, CCSP, Cisco Voice, MCSE W2K, MCSE+I, Security+, etc.
    CCIE R&S (in progress), CCIE Voice (in progress)
    ------
    Headset Adapters for Cisco IP Phones
    www.ciscoheadsetadapter.com
    www.headsetadapter.com



    "UBEST" <> wrote in message
    news:...
    > Hello,
    >
    >
    > Does anyone know which commands allow insider (NATed host to access
    > Public IPs on frewall public IP block?
    >
    > let me say, I have class C 209.36.9.X network for ASA 5520 public IPs
    >
    > I have static one to one NAT for insider host (10.10.10.X)
    >
    > I would like insider host, say 10.10.10.15 (Nated Public IP
    > 209.36.9.15) to access http://209.36.9.20 (10.10.10.20).
    >
    > thanks,
    >
    > Cisco ASA 5520 IOS 7.22
    headsetadapter.com, Jul 25, 2007
    #3
  4. UBEST

    UBEST Guest

    Can you provide config example for both ways since I want to enable
    ping later? Thanks again!

    On Wed, 25 Jul 2007 04:14:49 -0000, CK <> wrote:

    >I think it should work ..
    >Thr are 2 ways for this
    >
    >1 Way:
    >To apply access-list for access from outside to inside interface for
    >209.36.9.20
    >
    >2 Way:
    >Destination Static route for 209.36.9.20
    >
    >
    >
    >
    >On Jul 25, 7:58 am, UBEST <> wrote:
    >> Hello,
    >>
    >> Does anyone know which commands allow insider (NATed host to access
    >> Public IPs on frewall public IP block?
    >>
    >> let me say, I have class C 209.36.9.X network for ASA 5520 public IPs
    >>
    >> I have static one to one NAT for insider host (10.10.10.X)
    >>
    >> I would like insider host, say 10.10.10.15 (Nated Public IP
    >> 209.36.9.15) to accesshttp://209.36.9.20(10.10.10.20).
    >>
    >> thanks,
    >>
    >> Cisco ASA 5520 IOS 7.22

    >
    UBEST, Jul 25, 2007
    #4
  5. UBEST

    UBEST Guest

    Thanks. I will have a try. How about to enable ping?

    On Wed, 25 Jul 2007 05:57:30 -0400, "headsetadapter.com"
    <> wrote:

    >If you want to allow HTTP access to the PIX firewall, you just enable a IP
    >address or range. For example, "http 10.10.10.15 255.255.255.255 inside" or
    >"ip http 10.10.10.0 255.255.255.0 inside".
    >
    >Good luck,
    >
    >Mike
    >CCNP, CCDP, CCSP, Cisco Voice, MCSE W2K, MCSE+I, Security+, etc.
    >CCIE R&S (in progress), CCIE Voice (in progress)
    >------
    >Headset Adapters for Cisco IP Phones
    >www.ciscoheadsetadapter.com
    >www.headsetadapter.com
    >
    >
    >
    >"UBEST" <> wrote in message
    >news:...
    >> Hello,
    >>
    >>
    >> Does anyone know which commands allow insider (NATed host to access
    >> Public IPs on frewall public IP block?
    >>
    >> let me say, I have class C 209.36.9.X network for ASA 5520 public IPs
    >>
    >> I have static one to one NAT for insider host (10.10.10.X)
    >>
    >> I would like insider host, say 10.10.10.15 (Nated Public IP
    >> 209.36.9.15) to access http://209.36.9.20 (10.10.10.20).
    >>
    >> thanks,
    >>
    >> Cisco ASA 5520 IOS 7.22

    >
    UBEST, Jul 25, 2007
    #5
  6. UBEST

    Chris Guest

    On Wed, 25 Jul 2007 02:58:16 GMT, UBEST wrote:

    > Hello,
    >
    >
    > Does anyone know which commands allow insider (NATed host to access
    > Public IPs on frewall public IP block?
    >
    > let me say, I have class C 209.36.9.X network for ASA 5520 public IPs
    >
    > I have static one to one NAT for insider host (10.10.10.X)
    >
    > I would like insider host, say 10.10.10.15 (Nated Public IP
    > 209.36.9.15) to access http://209.36.9.20 (10.10.10.20).
    >
    > thanks,
    >
    > Cisco ASA 5520 IOS 7.22


    You can't do this on the ASA or Pix. Neither will route traffic out of the
    same interface that it came into so you can't 'route on a stick' as it
    were. If you need to access an internal server from the internal network
    then you need to use the internal IP address.

    Chris.
    Chris, Jul 25, 2007
    #6
  7. UBEST

    Chris Guest

    On Wed, 25 Jul 2007 04:14:49 -0000, CK wrote:

    > I think it should work ..
    > Thr are 2 ways for this
    >
    > 1 Way:
    > To apply access-list for access from outside to inside interface for
    > 209.36.9.20


    That would only allow access from outside to inside, not inside to inside.

    Chris.
    Chris, Jul 25, 2007
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page