Hi everyone,
I have a problem: I need to configure my public IP addresses so that I can assign them to the various servers located in the DMZ.
To start with, I have already used two of the IPs, one on the router's G0/1 and one on the ASA's outside interface.
The IPs are in a 255.255.255.248 subnet: 8 IPs, of which only 6 are usable.
x.x.x.217 x.x.x.222 Subnet 255.255.255.248
I am connected directly to the ISP through interface G0/0, using PPPoE on dialer 0.
G0/1 x.x.x.217 Router
G0/8 x.x.x.218 OUTSIDE ASA
Internet access works perfectly, with 5 ms pings.
-------------------------------------------------------
Now comes the fun part: I need to configure the remaining public IPs on the ASA and then NAT them to the various servers located in the DMZ.
I am posting part of the ASA configuration.... THANKS TO ALL OF YOU WHO WILL HELP ME
ASA Version 9.3(1)1
!
hostname netfw1
domain-name backdns.local
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
ip local pool IPSec_Pool 172.100.100.1-172.100.100.10 mask 255.255.255.0
!
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 172.80.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 description wifi
 nameif wifi
 security-level 100
 ip address 10.80.173.1 255.255.255.0
!
interface GigabitEthernet0/6
 description dmz
 nameif dmz
 security-level 50
 ip address 10.10.172.1 255.255.255.0
!
interface GigabitEthernet0/8
 description EXTERNAL
 nameif outside
 security-level 0
 ip address x.x.x.x 255.255.255.248
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_access_in_1 extended deny ip any any
access-list dmz_access_in_1 extended permit ip any any
access-list dmz_access_in_1 extended deny ip any any
access-list inside_access_in extended permit ip any any
pager lines 23
logging enable
logging asdm informational
logging host inside 172.80.1.11 format emblem
logging ftp-bufferwrap
logging ftp-server 172.80.1.11 /cisco/log admin *****
mtu inside 1500
mtu wifi 1500
mtu dmz 1500
mtu outside 1500
!
nat (inside,outside) after-auto source dynamic any interface
nat (dmz,outside) after-auto source dynamic any interface
access-group inside_access_in in interface inside
access-group wifi_access_in in interface wifi
access-group dmz_access_in_1 in interface dmz
access-group dmz2_access_in in interface dmz2
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.217 1
Thanks in advance for your advice.
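
One way to publish DMZ servers on the remaining public addresses with the configuration posted above, as an added example that is not part of the original post. The object names, the DMZ server addresses (10.10.172.10, 10.10.172.20) and the published ports are hypothetical; x.x.x.219 and x.x.x.220 stand for two of the unused addresses in the /29.

```cisco
! Added example; object names, server addresses and ports are hypothetical.
!
! One public address per DMZ server. Object NAT is evaluated before the
! existing "after-auto" dynamic PAT rules, so those can stay as they are.
object network DMZ-WEB
 host 10.10.172.10
 nat (dmz,outside) static x.x.x.219
object network DMZ-MAIL
 host 10.10.172.20
 nat (dmz,outside) static x.x.x.220
!
! No extra address is configured on the outside interface: with proxy ARP
! left at its default, the ASA answers ARP for the mapped addresses, which
! sit in the same /29 as the outside interface.
!
! From 8.3 on, interface ACLs match the real (DMZ) address, not the mapped
! one. Insert the permits ahead of the existing "deny ip any any".
access-list outside_access_in_1 line 1 extended permit tcp any object DMZ-WEB eq https
access-list outside_access_in_1 line 2 extended permit tcp any object DMZ-MAIL eq smtp
!
! Check translation and policy with a simulated inbound packet
! (203.0.113.10 is a documentation address used as the sample client).
packet-tracer input outside tcp 203.0.113.10 12345 x.x.x.219 443
show nat detail
show xlate
```

The posted dmz_access_in_1 starts with `permit ip any any`, so once these servers are reachable from the internet, that ACL is the place to limit them to the specific flows they need toward inside and wifi.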
CISCO MULTIPLE PUBLIC IP