Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco ASA NAT and ACL?

Posted on 2014-02-04
1
Medium Priority
?
405 Views
Last Modified: 2014-02-04
Just a quick question.  

If you NAT an internal server in an ASA, do you need to also create and ACL for all ports from the outside IP?  I am thinking no and that this is redundant, IE that the NAT would put the server outside of the firewall and thus not need and ACL, but I could be wrong and confusing ACL with PAT.

thanks for the info.
0
Comment
Question by:CnicNV
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 17

Accepted Solution

by:
max_the_king earned 800 total points
ID: 39833279
Hi,
to have a server published on the internet you need 2 actions:

1) NAT, so that it is reachable on a public IP address from outside
2) ACL, so that you open port/ports you want to be reachable from outside.

if you nat an internal server without doing an ACL it won't be ever be accessed from outside.
When you put ACL it os reachable.

hope this helps
max
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your computer hacked? learn how to detect and delete malware in your PC
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question