Cisco ASA NAT and ACL?

Posted on 2014-02-04
Last Modified: 2014-02-04
Just a quick question.  

If you NAT an internal server in an ASA, do you need to also create an ACL for all ports from the outside IP?  I am thinking no and that this is redundant, i.e. that the NAT would put the server outside of the firewall and thus not need an ACL, but I could be wrong and confusing ACL with PAT.

Thanks for the info.
Question by:CnicNV
Accepted Solution

by: max_the_king
Hi,
To have a server published on the internet you need 2 actions:

1) NAT, so that it is reachable on a public IP address from outside
2) ACL, so that you open port/ports you want to be reachable from outside.

If you NAT an internal server without doing an ACL it won't ever be accessed from outside.
When you put an ACL it is reachable.

Hope this helps
max
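
The two actions from the accepted answer, as an added configuration example that is not part of the original thread. It assumes ASA 8.3 or later syntax and interfaces named inside and outside; the object name, ACL name and all addresses are constructed for illustration.

```cisco
! Added example; WEB-SERVER, OUTSIDE-IN and all addresses are constructed.
! Assumes ASA 8.3+ object NAT and interfaces named "inside" and "outside".

! Action 1: NAT. Static one-to-one translation of the internal server.
object network WEB-SERVER
 host 192.168.1.10
 nat (inside,outside) static 203.0.113.10

! With only the NAT above, connections initiated from outside are still
! dropped: traffic entering the lower-security outside interface needs an
! explicit permit.

! Action 2: ACL. Permit only the port that should be reachable (HTTPS here),
! not all ports. On 8.3+ the destination is the real (pre-NAT) address.
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER eq 443
access-group OUTSIDE-IN in interface outside

! Check from privileged EXEC mode: simulate an outside client connecting to
! the public address. The first flow should be allowed by OUTSIDE-IN; the
! second (a port that was not opened) should be dropped by the ACL.
packet-tracer input outside tcp 198.51.100.25 40000 203.0.113.10 443
packet-tracer input outside tcp 198.51.100.25 40000 203.0.113.10 3389
```

On releases before 8.3 the ACL destination is the mapped (public) address instead of the real one.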