[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 554
  • Last Modified:

Enable PAT ASA 5505

Hi,

Using ASA Version 8.0(2)

this device is mostly configured using the asdm.

We have about 5 IP's from the ISP. We use NAT overload for users to access internet.

And the rest 4 IP's are being 1-to-1 NAT.

Under NAT rules I have the static statements and a dynamic from any (internal) to outside.

Because of IP limitation we would like to port forward on the USERS IP to one of the internal servers on a specific port.

Please assist in setting up the ACL and the NAT rule for that.
Thanks
0
masdf123
Asked:
masdf123
  • 4
  • 3
1 Solution
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
Please post the current config here as well as information about exact which ip/port to forward to/from.

/Kvistofta
0
 
masdf123Author Commented:
My Configuration is something like this:

name 192.168.1.5 PBX
name 192.168.1.4 DC2


interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 1.1.1.234 255.255.255.248
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3

interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 2


access-list outside_in extended permit tcp any host 1.1.1.235 eq 3389
access-list outside_in extended permit tcp host 58.64.84.5 host 1.1.1.235 eq 25
access-list outside_in extended permit tcp any host 1.1.1.236 eq 30
access-list B2B extended permit ip 192.168.1.0 255.255.255.0 host PBX
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.254.0.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.2
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-602.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 1.1.1.236 PBX netmask 255.255.255.255
static (inside,outside) 1.1.1.235 DC2 netmask 255.255.255.255 dns
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.233 1

So all internet traffic for users is going through 1.1.1.234

Rest DC2 and PBX are static NAT.

So basically if I want to enable PAT on 1.1.1.234 going to 192.168.1.60  on port 123
Thanks


0
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
ok.

static (inside,outside) tcp interface 123 192.168.1.60 123
clear xlat

Best regards
Kvistofta
0
Big Data Means Big Business

In data-dependent industries like IT, finance, and healthcare, there’s a growing demand for qualified analysts to fill leadership roles. WGU’s MS in Data Analytics has IT certifications from Oracle and SAS built into its curriculum at a flat fee that could save you money.

 
masdf123Author Commented:
Thanks,

What does clear xlat mean?
0
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
It removes all existing address translation. It needs to be done sometimes when you change the address translations in order to have a "fresh" start.

/Kvistofta
0
 
masdf123Author Commented:
You mean the NAT translations table?
0
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
Yes.
0
 
QlemoC++ DeveloperCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now