CISCO MULTIPLE PUBLIC IP

devid79
Hi everyone,

I have a problem: I need to configure my public IP addresses so that I can assign them to the various servers in the DMZ.

To start with, I have already used two of the IPs, one on the router's G0/1 and one on the ASA's outside interface.

The IPs are in a 255.255.255.248 subnet: 8 IPs, of which only 6 are usable.

x.x.x.217 x.x.x.222 Subnet 255.255.255.248

I am connected directly to the ISP through interface G0/0, using PPPoE on dialer 0.
G0/1 x.x.x.217 Router

G0/8 x.x.x.218 OUTSIDE ASA

It browses perfectly, with 5 ms pings.

-------------------------------------------------------

Now comes the fun part: I need to configure the remaining public IPs on the ASA and then NAT them to the various servers in the DMZ.

Here is part of the ASA configuration.... THANKS TO ALL OF YOU WHO WILL HELP ME

ASA Version 9.3(1)1
!
hostname netfw1
domain-name backdns.local
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
ip local pool IPSec_Pool 172.100.100.1-172.100.100.10 mask 255.255.255.0
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 172.80.1.1 255.255.255.0
!
interface GigabitEthernet0/1
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
description wifi
nameif wifi
security-level 100
ip address 10.80.173.1 255.255.255.0
!
interface GigabitEthernet0/6
description dmz
nameif dmz
security-level 50
ip address 10.10.172.1 255.255.255.0

!
interface GigabitEthernet0/8
description EXTERNAL
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.248

!

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

access-list outside_access_in_1 extended deny ip any any
access-list dmz_access_in_1 extended permit ip any any
access-list dmz_access_in_1 extended deny ip any any
access-list inside_access_in extended permit ip any any
pager lines 23
logging enable
logging asdm informational
logging host inside 172.80.1.11 format emblem
logging ftp-bufferwrap
logging ftp-server 172.80.1.11 /cisco/log admin *****

mtu inside 1500
mtu wifi 1500
mtu dmz 1500
mtu outside 1500


!
nat (inside,outside) after-auto source dynamic any interface
nat (dmz,outside) after-auto source dynamic any interface
access-group inside_access_in in interface inside
access-group wifi_access_in in interface wifi
access-group dmz_access_in_1 in interface dmz
access-group dmz2_access_in in interface dmz2
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.217 1


Thanks in advance for your advice :D
devid79
SOLVED :D :D :D :D
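
The thread closes without showing the configuration that was used. One way to do what the first post asks on ASA 9.x, as an added example that is not from the thread: static object NAT for each DMZ server plus narrow permits on the outside ACL. The server addresses, object names and ports are assumptions; x.x.x.219 and x.x.x.220 stand for two unused addresses of the /29, masked as in the post.

```cisco
! Constructed example: hosts 10.10.172.10/.11, object names and ports are assumptions.
! x.x.x.219 and x.x.x.220 are placeholders for unused addresses in the /29.
!
! One object per server. The ASA proxy-ARPs for the mapped addresses on the
! outside segment, so they are not configured on the interface itself.
object network DMZ-WEB
 host 10.10.172.10
 nat (dmz,outside) static x.x.x.219
object network DMZ-MAIL
 host 10.10.172.11
 nat (dmz,outside) static x.x.x.220
!
! Object NAT is evaluated before the existing "after-auto" dynamic rule,
! so the other DMZ hosts keep using PAT on the outside interface address.
!
! From ASA 8.3 onward the interface ACL matches the real (untranslated)
! address, so the entries reference the objects, not the public IPs.
! "line 1" and "line 2" place them ahead of the existing "deny ip any any".
access-list outside_access_in_1 line 1 extended permit tcp any object DMZ-WEB eq https
access-list outside_access_in_1 line 2 extended permit tcp any object DMZ-MAIL eq smtp
!
! Verification: translation table, hit counters, and a simulated inbound
! connection from a documentation-range source address.
show nat detail
show xlate
show access-list outside_access_in_1
packet-tracer input outside tcp 198.51.100.10 40000 x.x.x.219 443
```

With servers published this way, the posted `dmz_access_in_1` (`permit ip any any`) lets a compromised DMZ host open connections to the inside network; restricting that ACL to the flows the servers need limits what an exposed server can reach.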