Hi,
This is what I was thinking of doing:
Router: interface Ethernet0 ip address xx.xx.xx.209 255.255.255.240
interface Dialer0 ip address negotiated (receives WAN static)
Firewall:
interface vlan2 nameif outside security-level 0 ip address xx.xx.xx.210 255.255.255.240
interface vlan1 nameif inside ip address 192.168.1.1 255.255.255.0 security-level 100
global (outside) 1 interface global (outside) 2 xx.xx.xx.11-xx.xx.xx.222 netmask 255.255.255.240 nat (inside) 1 0 0
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.209 1 (can this go in the outside interface definition?) access-group outside_access_in in interface outside
access-list outside_access_in extended permit tcp any host
192.168.1.10 eq 25static (inside,outside) xx.xx.xx.211 192.168.1.10 netmask
255.255.255.240What I want to achieve with this is the following:
- All outgoing connections from anything on 192.168.1.0/24 is presented to the outside on xx.xx.xx.209.
- I have some server on 192.168.1.10 which I want presenting to the outside world on xx.xx.xx.211.
- I want people to connect to the IP address xx.xx.xx.211 on port 25 and they will be connected to this server.
Will this do it?
The other way I was looking at it was this:
global (outside) 1 interface global (outside) 2 xx.xx.xx.211 255.255.255.240 nat (inside) 1 0 0 nat (inside) 2 access-list mail_server
access-list mail_server extended permit tcp any host
192.168.1.10 eq 25I also have some IP addresses with no inbound connections, but I need to ensure that they present on the outside using a specific IP address.
Any help would be gratefully received.
Thanks. Andrew.