Hello,
I have an ASA box running 7.2 with a few statics and a few questions.
Let's say that the outside IP address is 85.1.1.1 and we have 4 statics for 2 web servers and 2 FTP servers (access-lists and access-group are OK):

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 85.1.1.1 255.255.255.192
!
static (inside,outside) tcp 85.1.1.2 80 10.1.1.2 80 netmask 255.255.255.255
static (inside,outside) tcp 85.1.1.3 80 10.1.1.3 80 netmask 255.255.255.255
static (inside,outside) tcp 85.1.1.2 21 10.1.1.4 21 netmask 255.255.255.255
static (inside,outside) tcp 85.1.1.3 21 10.1.1.5 21 netmask 255.255.255.255

My first question: the ASA is replying to pings on the outside interface address 85.1.1.1, that's fine, but is there a way to have the ASA reply to ICMP pings on outside for addresses 85.1.1.2 and 85.1.1.3? Because for users, if it does not ping, then it does not work...
The second question is about static, inspect and FTP. I want to set up multiple virtual FTP servers using proftpd on a Linux box (Linux has a single IP, so proftpd will listen on multiple ports: 2021, 2022, 2023, 2024...). The statics would look like:

static (inside,outside) tcp 85.1.1.11 21 10.1.1.100 2021 netmask 255.255.255.255
static (inside,outside) tcp 85.1.1.12 21 10.1.1.100 2022 netmask 255.255.255.255
static (inside,outside) tcp 85.1.1.13 21 10.1.1.100 2023 netmask 255.255.255.255
static (inside,outside) tcp 85.1.1.14 21 10.1.1.100 2024 netmask 255.255.255.255

Will the inspect FTP work fine? The documentation is not clear: will the ASA think it is FTP because it is port 21 on outside, or will it ignore FTP because of the 2021..2024 port on inside?
The last one is about SSH access to the ASA CLI. I had to do a static on the outside address and port 22:

static (inside,outside) tcp interface ssh 10.1.1.1 ssh netmask 255.255.255.255

Works fine, but I can't access the ASA CLI using SSH. I looked in the documentation, but I can't find a way to have the ASA listen on an alternate port for the SSH ASA CLI. Any clue?
Thanks for your attention and your help.
Best regards.
Laurent.