Solved

Cisco ASA NAT and ACL?

Posted on 2014-02-04
1
384 Views
Last Modified: 2014-02-04
Just a quick question.  

If you NAT an internal server in an ASA, do you need to also create and ACL for all ports from the outside IP?  I am thinking no and that this is redundant, IE that the NAT would put the server outside of the firewall and thus not need and ACL, but I could be wrong and confusing ACL with PAT.

thanks for the info.
0
Comment
Question by:CnicNV
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 16

Accepted Solution

by:
max_the_king earned 200 total points
ID: 39833279
Hi,
to have a server published on the internet you need 2 actions:

1) NAT, so that it is reachable on a public IP address from outside
2) ACL, so that you open port/ports you want to be reachable from outside.

if you nat an internal server without doing an ACL it won't be ever be accessed from outside.
When you put ACL it os reachable.

hope this helps
max
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question