  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 412

NAT question

I have a temporary Outlook server sitting on an inside network and I need to set up OWA. We have a public block of IPs and I assigned a public DNS name to one of them to access the server externally. I added a route on the outside router telling it to route any traffic destined for XXX.XXX.209.9 (address assigned to OWA) to XXX.XXX.209.57 (outside int of ASA). Now I need to figure out what to configure on the ASA to say whenever traffic destined for XXX.XXX.XXX.9 hits the outside interface, translate it to 10.0.0.237 and send it to the Outlook server. I know this is simple natting, but I can't figure out which type of rule to use.
0
downscm
Asked:
1 Solution
 
JFrederick29 Commented:
This should do it:

access-list outside_access_in extended permit tcp any host xxx.xxx.209.9 eq 443

static (inside,outside) xxx.xxx.209.9 10.0.0.237 netmask 255.255.255.255
0
 
jcs5003 Commented:
static (inside,outside) xxx.xxx.209.9 10.0.0.237 netmask 255.255.255.255
(if nothing else is using this outside IP)
static (inside,outside) tcp xxx.xxx.209.9 443 10.0.0.237 443 netmask 255.255.255.255

The above will also only work if your Exchange server is servicing OWA using SSL, as it should. Some admins like to use 80 also, in which case you would also add
static (inside,outside) tcp xxx.xxx.209.9 80 10.0.0.237 80 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host xxx.xxx.209.9 eq 80


This also assumes your access-list is named outside_access_in
0
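Taken together, the answers above mean an inbound connection succeeds only when an ACL applied to the outside interface permits it and a static translation covers the same public address and port. The following is an added example, not code from either answer, that audits a pasted pre-8.3 configuration for exactly that and picks out anything published on TCP 80. The sample configuration, the 192.0.2.9 documentation address standing in for the masked public IP, and the function names are all constructed for illustration.

```python
import re

# Constructed sample in the pre-8.3 ASA syntax used in the answers above.
# 192.0.2.9 is a documentation address standing in for the masked public IP.
SAMPLE = """\
access-list outside_access_in extended permit tcp any host 192.0.2.9 eq https
access-list outside_access_in extended permit tcp any host 192.0.2.9 eq www
static (inside,outside) tcp 192.0.2.9 https 10.0.0.237 https netmask 255.255.255.255
access-group outside_access_in in interface outside
"""

# "show running-config" prints well-known ports by name.
PORT_NAMES = {"https": 443, "www": 80}
ACL = re.compile(r"access-list (\S+) extended permit tcp any host (\S+) eq (\S+)")
STATIC = re.compile(r"static \(inside,outside\) (?:tcp (\S+) (\S+) (\S+) (\S+)|(\S+) (\S+)) netmask")
GROUP = re.compile(r"access-group (\S+) in interface outside")


def port(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def exposed_services(config):
    """Return sorted (public_ip, port, inside_ip, inside_port) reachable from outside."""
    permits, statics, bound = [], [], None
    for line in map(str.strip, config.splitlines()):
        if m := GROUP.match(line):
            bound = m.group(1)
        elif m := ACL.match(line):
            permits.append((m.group(1), m.group(2), port(m.group(3))))
        elif m := STATIC.match(line):
            if m.group(1):  # port static: one TCP port translated
                statics.append((m.group(1), port(m.group(2)), m.group(3), port(m.group(4))))
            else:           # one-to-one static: every port translated
                statics.append((m.group(5), None, m.group(6), None))
    reachable = set()
    for acl, ip, p in permits:
        if acl != bound:    # an ACL not applied to the outside interface permits nothing
            continue
        for pub, pub_port, inside, inside_port in statics:
            if ip == pub and pub_port in (None, p):
                reachable.add((ip, p, inside, p if inside_port is None else inside_port))
    return sorted(reachable)


def cleartext(exposed):
    """Entries published on TCP 80, where OWA logons would cross the Internet unencrypted."""
    return [e for e in exposed if e[1] == 80]
```

With the sample, the ACL permits both 443 and 80 but only 443 has a translation, so 443 is the only published service; swapping in the one-to-one static makes both permitted ports reachable.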
