Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cisco 8.4 Nat

Posted on 2014-02-25
4
Medium Priority
?
438 Views
Last Modified: 2014-03-01
Hi guys, I have an ASA 5505 here running 8.4.

Now i gave the outside interface a x.x.x.163 outside

I want all inet traffic to be natted out to .165 going out

Also need to nat 166 coming inbound to my lan to server 192.168.1.2 on ports 443, 80

Please help me with this.

Thanks!
0
Comment
Question by:Cobra25
  • 2
  • 2
4 Comments
 
LVL 4

Author Comment

by:Cobra25
ID: 39887961
No one?
0
 
LVL 9

Accepted Solution

by:
ffleisma earned 2000 total points
ID: 39888671
for the DMZ

object network obj_DMZ_Server1_internal_IP
 host a.a.a.a
!
object network obj_DMZ_Server1_external_IP
 host x.x.x.166

nat (dmz,outside) source static obj_DMZ_Server1_internal_IP obj_DMZ_Server1_external_IP


where a.a.a.a is the internal IP. please do note you'll have to place ACL on the outside interface

access-list outside_access_in extended permit tcp any host a.a.a.a eq https
access-list outside_access_in extended permit tcp any host a.a.a.a eq www


notice the ACl applies to the internal IP, this is because UN-NAT applies before the ACL.


for internet traffic going out NATed to x.x.x.165

object network obj_outside_x.x.x.165
 host x.x.x.165
!
nat (inside,outside) 1 source dynamic any obj_outside_x.x.x.165


And of lastly you'll need ACL on the inside interface to allow http/https traffic going out.


let me know if this helps
0
 
LVL 4

Author Comment

by:Cobra25
ID: 39894140
Don't have a DMZ

But i get your point..
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 39894482
for servers being accessed from the outside, considering redesigning and putting it in a dmz. primarily if these published servers are compromised (hacked, infected, attacked DDoS) then it can impact the entire internal network without anything else in between it to stop access.

in case of dmz, this serves the purpose that you limit the following:

1. access from outside to dmz
2. dmz access to internal
3. internal access to dmz

this creates a more secure environment.

but again, every company has their requirements and design, so i wont meddle much on your current setup, just hope to provide insights.

hope this helps and previous configuration work and applied for your requirement.

let me know how if i can be of further help
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month12 days, 9 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question