ASA5505 Configuration Question
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||
|
Posted by tman on June 13, 2008, 5:08 pm
Please log in for more thread options Here is an example of my access list and nat configuration. THis allows pop3 and smtp to come in to the mail server from the Internet. access-list outside_access_in extended permit tcp any interface outside eq pop3 access-list outside_access_in extended permit tcp any interface outside eq smtp static (inside,outside) tcp interface pop3 192.168.1.5 pop3 netmask 255.255.255.255 static (inside,outside) tcp interface smtp 192.168.1.5 smtp netmask 255.255.255.255 This is a small branch and they do not have internal DNS and must use public DNS. As a result they cannot connect to their internal mail server from inside using the public address. Is there something I can add to the ASA5505 to allow this? Thanks | ||||||||||||||||
|
Posted by artie lange on June 13, 2008, 5:11 pm
Please log in for more thread options 2 things you may try: modify the hosts file on the PC to point to the internal address or DNS Doctoring http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml | ||||||||||||||||
|
Posted by tman on June 13, 2008, 8:28 pm
Please log in for more thread options > tman wrote:
> > We are using an ASA5505 as a firewall in a branch office.
>
> > Here is an example of my access list and nat configuration. =A0THis
> > allows pop3 and smtp to come in to the mail > > server from the Internet. >
> > access-list outside_access_in extended permit tcp any interface
> > outside eq pop3 > > access-list outside_access_in extended permit tcp any interface > > outside eq smtp >
> > static (inside,outside) tcp interface pop3 192.168.1.5 pop3 netmask
> > 255.255.255.255 > > static (inside,outside) tcp interface smtp 192.168.1.5 smtp netmask > > 255.255.255.255 >
> > This is a small branch and they do not have internal DNS and must use
> > public DNS. =A0As a result they cannot connect to their internal mail > > server from inside using the public address. >
> > Is there something I can add to the ASA5505 to allow this?
>
> > Thanks
>
Hide quoted text -
> 2 things you may try: > > modify the hosts file on the PC to point to the internal address > > or > > DNS Doctoring > > http://www.cisco.com/en/US/products/ps6120/products_configuration_exa...- = >
> - Show quoted text - Since I have the ACLs in place to allow traffic thru the ASA on the various ports and I have static NATs from outside to inside for the various services, do you think just adding the following static NAT might do the trick? static (inside,outside) interface 192.168.1.5 netmask 255.255.255.255 dns Thanks | ||||||||||||||||
| Similar Threads | Posted |
| ASA5505 Configuration Question | June 13, 2008, 5:08 pm |
| E1 Configuration question | September 8, 2006, 3:31 pm |
| configuration question | October 23, 2006, 7:46 pm |
| 871 configuration question | January 11, 2007, 1:23 am |
| PAT/NAT ACL configuration question | May 6, 2008, 11:23 am |
| [very simple question] configuration | December 17, 2005, 9:23 am |
| tacplus configuration question | May 11, 2007, 10:30 pm |
| SSH Cisco ASA5505 | March 14, 2008, 6:47 pm |
| Setup ASA5505 | November 5, 2008, 1:28 am |
| NAT Configuration question: verifying availability before NAT | July 19, 2005, 7:13 am |
| Configuration register setting question | September 7, 2005, 11:10 pm |
| 1721 configuration question - please bear with me | January 10, 2007, 6:30 pm |
| Cisco 2948G-L3 Configuration Question | November 29, 2007, 12:02 pm |
| ASA5505 to cascade two switches. | May 15, 2008, 5:32 pm |
| Newbie question - PPP Configuration on Cisco routers | June 1, 2006, 3:14 am |
>
> Here is an example of my access list and nat configuration. THis
> allows pop3 and smtp to come in to the mail
> server from the Internet.
>
> access-list outside_access_in extended permit tcp any interface
> outside eq pop3
> access-list outside_access_in extended permit tcp any interface
> outside eq smtp
>
> static (inside,outside) tcp interface pop3 192.168.1.5 pop3 netmask
> 255.255.255.255
> static (inside,outside) tcp interface smtp 192.168.1.5 smtp netmask
> 255.255.255.255
>
> This is a small branch and they do not have internal DNS and must use
> public DNS. As a result they cannot connect to their internal mail
> server from inside using the public address.
>
> Is there something I can add to the ASA5505 to allow this?
>
> Thanks