!- This access list allows hosts to access Xlate per-session deny udp any6 any6 eq domain Xlate per-session deny udp any6 any4 eq domain Xlate per-session deny udp any4 any6 eq domain Xlate per-session deny udp any4 any4 eq domain This is the ASA configuration for this example: show runĮnable password 8Ry2YjIyt7RRXU24 encrypted In order for the outside users to access the mail server, you must configure a static NAT and an access list, which is outside_int in this example, in order to permit the outside users to access the mail server and bind the access list to the outside interface. In order for the mail server to be accessed by the inside network, you must configure the identity Network Address Translation (NAT). The mail server with IP address 172.16.31.10 is located in the DMZ network. The network setup that is used in this example has the ASA with an inside network at 10.1.1.0/24 and an outside network at 203.0.113.0/24. They are RFC 1918 addresses that have been used in a lab environment. Note: The IP addressing schemes that are used in this document are not legally routable on the Internet. The configuration that is described in this section uses this network setup: Note: Use the Command Lookup Tool ( registered customers only) to obtain more information on the commands that are used in this section. This section describes how to configure the ASA in order to reach the mail server in the DMZ network, the inside network, or the outside network. Refer to the Cisco Technical Tips Conventions for more information on document conventions.
If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration.
The information in this document was created from the devices in a specific lab environment.
0 kommentar(er)
