vxspiritxv
I have two internet connections: one for servers, one for home. I tested multiple context mode, but the lack of remote client VPNs was a deal breaker. So I'm back in single mode with everything working, except I can't access my servers from the 'inside' interface.
Also, if anyone knows how to do 'if outside fails, route everything att', that would be awesome too. No idea if that's even possible now because of the nature of the outside connection being DHCP.
Code:
ASA Version 9.1(5)21
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1.2
 vlan 2
 nameif servers
 security-level 20
 ip address 10.11.1.1 255.255.255.0
!
interface Ethernet0/2
 nameif att
 security-level 0
 ip address 104.x.x.13 255.255.255.240
!
object network INSIDE-HOSTS
 subnet 192.168.1.0 255.255.255.0
object network WEBSERVER_OUT
 host 104.x.x.10
object network WEBSERVER
 host 10.11.1.12
object network EMAILSERVER
 host 10.11.1.11
object network EMAILSERVER_OUT
 host 104.x.x.9
access-list outside_in extended permit icmp any any
access-list outside_in extended permit udp any any
access-list servers_in extended permit icmp any4 any4
access-list servers_in extended permit tcp any object WEBSERVER eq https
access-list servers_in extended permit tcp any object WEBSERVER eq domain
access-list servers_in extended permit udp any object WEBSERVER eq domain
access-list servers_in extended permit tcp any object WEBSERVER eq www
access-list servers_in extended permit udp any object WEBSERVER eq snmp
access-list servers_in extended permit tcp any object WEBSERVER eq ssh
access-list servers_in extended permit tcp any object EMAILSERVER eq https
access-list servers_in extended permit tcp any object EMAILSERVER eq smtp
no arp permit-nonconnected
route-lookup
nat (servers,att) source static WEBSERVER WEBSERVER_OUT dns
nat (servers,att) source static EMAILSERVER EMAILSERVER_OUT dns
object network INSIDE-HOSTS
 nat (inside,outside) dynamic interface
access-group outside_in in interface outside
access-group servers_in in interface att
route att 0.0.0.0 0.0.0.0 104.x.x.x 10