Link to home
Create AccountLog in
Avatar of cisco20
cisco20Flag for United States of America

asked on

ASA5510 Natting an inside server to public iip

Whats the most secure way to nat a public ip to an inside server that requires access to from the internet on a specific tcp port ?
Avatar of Ernie Beek
Ernie Beek
Flag of Netherlands image

Using:
Access-list outside permit tcp any host eq port
static (inside,outside) tcp outside_ip port inside_ip port netmask 255.255.255.255
access-group outside in interface outside

This way you only open up one port to the inside.
Oops, first line should be:
Access-list outside permit tcp any host outside_ip eq port

If your ASA is 8.3 or higher, there are some changes to this though.
Avatar of cisco20

ASKER

So for example if the port is rdp 3389 add it to both instances ?

static (inside,outside) tcp outside_ip port inside_ip port
ASKER CERTIFIED SOLUTION
Avatar of Ernie Beek
Ernie Beek
Flag of Netherlands image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer