I have read dozens of posts on how to configure NAT and ACL and after trying just about everything I still can't get this.
Simple setup, simple need.
I have 1 static IP from ISP, 1 web server, 5 workstations. Workstations are on same VLAN as server.
All I need is for any internet computer to be able to surf my web server using my outside static IP. How hard can this be!? Please help!
Here's what I can do:
1. Surf the internet
2. Surf the web server from inside (10.10.10.5)
First I have a a suggestion ,I see you have configured two static nats for the same translation ,is that right , if so you can remove the static(outside, inside)10.10.10.5 ...... translation . Static is two way translation .
Secondly you have configured access list to allow access for anyone on the internet to access your public ip in WWW port but you have not binded that accesslist to the interface , which means that there is no access list . Without an access list no body on the internet will be able to come in by default .
So configure an access-group statement .
access-group and bind the access list to the interface .
Thirdly if you want the hosts on the internet to access only the www port on the public ip then you can always configure a Static Pat .
static (inside,outside) tcp outside_ip www inside_ ip www 255.255.255.255
with appropriate access-lists .
Re: Help! ASA5505 Simple port forward
10 years 10 months ago #27262
Thanks for your help Patiot. That makes sense but I'm not sure how to configure access-group statement.
I think I have the NAT set correctly.
I can currently browse the internet and I can browse my web server internally.
I tried the command: "access-group outside_access_in in interface outside" like you suggested but maybe the syntax is wrong? Doesn't this give requests coming from the outside interface a place to go on the inside interface?
Thanks for all your help, this is really frustrating.
Web server is at 192.168.1.101
here's the new config: