  • Status: Solved

Cisco ASA Port Forwarding Using Dynamic NAT

I understand NAT and I understand other routers. I'm just not sure how these ASAs deal with Dynamic NAT. I have a Cisco ASA5505 and I need to forward SSL to an internal IP address.
I am already using 3 static NATs to other servers in my environment. I have one IP address defined as my WAN interface and one defined for dynamic NAT for my other nodes on the network. I only have 5 WAN IP addresses. See below:

global (outside) 1 interface
global (outside) 1 [WANIPADDRESS #5] netmask 255.0.0.0
nat (inside) 1 192.168.70.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) [WANIPADDRESS #2]  192.168.70.210 netmask 255.255.255.255
static (inside,outside) [WANIPADDRESS #3]  192.168.70.220 netmask 255.255.255.255
static (inside,outside) [WANIPADDRESS #4]  192.168.70.222 netmask 255.255.255.255
access-group inside_access_out in interface inside
access-group outside_access_in in interface outside

What I need to know is: can I forward HTTPS to 192.168.70.3 for my [WANIPADDRESS #5]? If so, how?

Thanks for your assistance

OsageNDN
Asked by: Neadom Tucker
 
BooSTid Commented:
The following line is the syntax for doing just individual ports (PAT rather than NAT):

static (inside,outside) tcp [WANIPADDRESS 5] 443 192.168.70.3 443 netmask 255.255.255.255                            
 
ullas_unni Commented:
What BooSTid posted is the command for static, and make sure you have:

access-list outside_access_in permit tcp any host [WANIPADDRESS 5] eq 443

Another thing I noticed is you have:

global (outside) 1 interface
global (outside) 1 [WANIPADDRESS #5] netmask 255.0.0.0
nat (inside) 1 192.168.70.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0

I guess

nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

should be sufficient for your other nodes, considering 192.168.70.0 is your internal network.
That way you get WANADDRESS#5 free for the static.

 
Neadom Tucker (Author) Commented:
Thanks for your help
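An added example, not part of the thread: a Python check over a pre-8.3 style ASA configuration that flags the two points raised in the replies above, a static PAT entry whose mapped address is still in the dynamic global pool, and a static PAT entry with no matching permit in the ACL bound to the mapped interface. The sample configuration is constructed, 203.0.113.x stands in for the [WANIPADDRESS] placeholders, and only "permit ... any host" entries are recognized.

```python
import re

# Constructed sample in pre-8.3 ASA syntax; 203.0.113.x stands in for the
# thread's [WANIPADDRESS] placeholders.
SAMPLE = """\
global (outside) 1 interface
global (outside) 1 203.0.113.5 netmask 255.0.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 203.0.113.2 192.168.70.210 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.5 443 192.168.70.3 443 netmask 255.255.255.255
access-list outside_access_in permit tcp any host 203.0.113.2 eq 25
access-group outside_access_in in interface outside
"""

PORT_NAMES = {"https": "443", "www": "80", "smtp": "25"}  # names the ASA prints

STATIC_PAT = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
GLOBAL = re.compile(r"^global \((\w+)\) \d+ (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")
ACE = re.compile(r"^access-list (\S+) (?:extended )?permit (tcp|udp|ip) any host (\S+)(?: eq (\S+))?")

def audit(config):
    """Return findings for each static PAT entry in a pre-8.3 config."""
    lines = [ln.strip() for ln in config.splitlines()]
    pools = {m.groups() for ln in lines if (m := GLOBAL.match(ln))}
    bound = {m.group(2): m.group(1) for ln in lines if (m := GROUP.match(ln))}
    aces = [m.groups() for ln in lines if (m := ACE.match(ln))]
    findings = []
    for ln in lines:
        if not (m := STATIC_PAT.match(ln)):
            continue  # full static NAT and unrelated lines are skipped
        _real_if, mapped_if, proto, mapped_ip, port, _real_ip, _real_port = m.groups()
        port = PORT_NAMES.get(port, port)
        if (mapped_if, mapped_ip) in pools:
            findings.append(f"{mapped_ip}: also a dynamic global address on {mapped_if}")
        acl = bound.get(mapped_if)
        allowed = any(
            name == acl and p in (proto, "ip") and host == mapped_ip
            and (eq is None or PORT_NAMES.get(eq, eq) == port)
            for name, p, host, eq in aces
        )
        if not allowed:
            findings.append(f"{mapped_ip}:{port}/{proto}: no permit in ACL {acl} on {mapped_if}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```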
