
Configuring a ASA 5505 for school, issue with NAT

post #1 of 4
Thread Starter 
Hey Everybody,


I am working on building out an ASA 5505, base license, and I'm working on getting connectivity to a dmz "webserver" to talk to an external interface.



So this is the set up:







Now, I know this isn't the ideal setup and I'm "Double NAT'ing" to go out to the internet, but what I'm trying to accomplish is pull the website in the DMZ on the ASA from PC1 in my internal network by going to www.example.local

Now, I don't have a proper DNS server so I modified the HOST file on PC1 to resolve www.example.local to the 192.168.0.6 (ASA outside) but it's not hitting the webpage and I should be seeing the IIS 7 splash page. Windows Firewall is turned off on the web server.



At this point as far as the firewall: I have




If anybody has experience with this and doesn't mind me picking at their brain with this, it would be truly helpful!
Edited by wgman003 - 2/27/13 at 7:34am
post #2 of 4
Cisco has made NAT a lot easier if you utilize ASDM. (NOTE: ASDM requires Java)


Assuming your Inside interface is 192.168.1.1,
enter the following commands:
http server enable
http 192.168.1.100 255.255.255.255 Inside
(This is the access list for ASDM.)

It is also advisable to put your username and password in from the CLI.

Then open a web browser and go to https://192.168.1.1

Once ASDM is installed, open it and go to 192.168.1.1
Then click configure
Then click firewall
Then select NAT rules
Source Intf (The interface you want to be NAT'ed from... INSIDE)
Dest Intf (Where you want the NAT to go)
Source any (will make any IP on the Inside interface be NAT'ed)
Destination (This can be left as any, or specify an IP subnet)
Service (This should be left as any unless you want to force everything to a specific protocol, i.e. port 80)
Source [If -- Original -- (S), this will keep the IPs the same passing through the firewall. If OUTSIDE (P), this will force all IPs on the inside interface to assume the outside interface's IP address.]

This is a quick down and dirty and simpler to see compared to the CLI if you are not that familiar with NAT.
post #3 of 4
Thread Starter 
Cool, thanks! I'll give this a go. Here's my next question: given that I have one external IP address but multiple websites, how would I be able to get the ASA to know that www.example.local goes to one web server and www.example2.local goes to another web server in the same DMZ?
post #4 of 4
If they are on the same server you can use virtual hosts; I have 3/4 websites per server.

If they are on different servers you could use different ports, so port 80 would go to example 1 and port 81 would go to example2.
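
The port-based option from the last reply, written out as ASA static PAT with a matching inbound access list. This is an added example, not part of the original posts; it assumes ASA 8.3 or later (object NAT syntax), interfaces named dmz and outside, and constructed DMZ server addresses 172.16.0.10 and 172.16.0.11.

```cisco
! Assumed: ASA software 8.3+ and nameif names "dmz" / "outside".
! 172.16.0.10 and 172.16.0.11 are constructed sample addresses.

! First web server: outside interface TCP/80 -> 172.16.0.10:80
object network DMZ-WEB1
 host 172.16.0.10
 nat (dmz,outside) static interface service tcp 80 80

! Second web server: outside interface TCP/81 -> 172.16.0.11:80
object network DMZ-WEB2
 host 172.16.0.11
 nat (dmz,outside) static interface service tcp 80 81

! In 8.3+ the inbound ACL is evaluated against the real (post-NAT)
! address and port, so both entries permit TCP/80 to the DMZ hosts.
! Only web traffic to these two hosts is allowed in; everything else
! arriving on the outside interface hits the implicit deny.
access-list OUTSIDE-IN extended permit tcp any host 172.16.0.10 eq 80
access-list OUTSIDE-IN extended permit tcp any host 172.16.0.11 eq 80
access-group OUTSIDE-IN in interface outside
```

The NAT rules match on address and port only, so both hostnames still resolve to the same outside IP and the second site is reached as www.example2.local:81. Serving both names on port 80 needs virtual hosts on one server, as the reply says.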