• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 307
  • Last Modified:

ASA5510 Natting an inside server to public iip

Whats the most secure way to nat a public ip to an inside server that requires access to from the internet on a specific tcp port ?
0
cisco20
Asked:
cisco20
  • 3
1 Solution
 
Ernie BeekExpertCommented:
Using:
Access-list outside permit tcp any host eq port
static (inside,outside) tcp outside_ip port inside_ip port netmask 255.255.255.255
access-group outside in interface outside

This way you only open up one port to the inside.
0
 
Ernie BeekExpertCommented:
Oops, first line should be:
Access-list outside permit tcp any host outside_ip eq port

If your ASA is 8.3 or higher, there are some changes to this though.
0
 
cisco20Author Commented:
So for example if the port is rdp 3389 add it to both instances ?

static (inside,outside) tcp outside_ip port inside_ip port
0
 
Ernie BeekExpertCommented:
Correct.
You can also use it to forward one port to another (like 8080 outside to 80 inside) but in this case you can leave both ports the same.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now