Solved

Cisco ASA NAT and ACL?

Posted on 2014-02-04
1
361 Views
Last Modified: 2014-02-04
Just a quick question.  

If you NAT an internal server in an ASA, do you need to also create and ACL for all ports from the outside IP?  I am thinking no and that this is redundant, IE that the NAT would put the server outside of the firewall and thus not need and ACL, but I could be wrong and confusing ACL with PAT.

thanks for the info.
0
Comment
Question by:CnicNV
1 Comment
 
LVL 15

Accepted Solution

by:
max_the_king earned 200 total points
ID: 39833279
Hi,
to have a server published on the internet you need 2 actions:

1) NAT, so that it is reachable on a public IP address from outside
2) ACL, so that you open port/ports you want to be reachable from outside.

if you nat an internal server without doing an ACL it won't be ever be accessed from outside.
When you put ACL it os reachable.

hope this helps
max
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now