Cisco ASA NAT and ACL?

Just a quick question.  

If you NAT an internal server in an ASA, do you need to also create and ACL for all ports from the outside IP?  I am thinking no and that this is redundant, IE that the NAT would put the server outside of the firewall and thus not need and ACL, but I could be wrong and confusing ACL with PAT.

thanks for the info.
CnicNVAsked:
Who is Participating?
 
max_the_kingConnect With a Mentor Commented:
Hi,
to have a server published on the internet you need 2 actions:

1) NAT, so that it is reachable on a public IP address from outside
2) ACL, so that you open port/ports you want to be reachable from outside.

if you nat an internal server without doing an ACL it won't be ever be accessed from outside.
When you put ACL it os reachable.

hope this helps
max
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.