Solved

Cisco 8.4 Nat

Posted on 2014-02-25
4
412 Views
Last Modified: 2014-03-01
Hi guys, I have an ASA 5505 here running 8.4.

Now i gave the outside interface a x.x.x.163 outside

I want all inet traffic to be natted out to .165 going out

Also need to nat 166 coming inbound to my lan to server 192.168.1.2 on ports 443, 80

Please help me with this.

Thanks!
0
Comment
Question by:Cobra25
  • 2
  • 2
4 Comments
 
LVL 4

Author Comment

by:Cobra25
ID: 39887961
No one?
0
 
LVL 9

Accepted Solution

by:
ffleisma earned 500 total points
ID: 39888671
for the DMZ

object network obj_DMZ_Server1_internal_IP
 host a.a.a.a
!
object network obj_DMZ_Server1_external_IP
 host x.x.x.166

nat (dmz,outside) source static obj_DMZ_Server1_internal_IP obj_DMZ_Server1_external_IP


where a.a.a.a is the internal IP. please do note you'll have to place ACL on the outside interface

access-list outside_access_in extended permit tcp any host a.a.a.a eq https
access-list outside_access_in extended permit tcp any host a.a.a.a eq www


notice the ACl applies to the internal IP, this is because UN-NAT applies before the ACL.


for internet traffic going out NATed to x.x.x.165

object network obj_outside_x.x.x.165
 host x.x.x.165
!
nat (inside,outside) 1 source dynamic any obj_outside_x.x.x.165


And of lastly you'll need ACL on the inside interface to allow http/https traffic going out.


let me know if this helps
0
 
LVL 4

Author Comment

by:Cobra25
ID: 39894140
Don't have a DMZ

But i get your point..
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 39894482
for servers being accessed from the outside, considering redesigning and putting it in a dmz. primarily if these published servers are compromised (hacked, infected, attacked DDoS) then it can impact the entire internal network without anything else in between it to stop access.

in case of dmz, this serves the purpose that you limit the following:

1. access from outside to dmz
2. dmz access to internal
3. internal access to dmz

this creates a more secure environment.

but again, every company has their requirements and design, so i wont meddle much on your current setup, just hope to provide insights.

hope this helps and previous configuration work and applied for your requirement.

let me know how if i can be of further help
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ping configured interface on Sonicwall 16 60
Cisco  3750E switches 1 28
Cisco EIGRP Network 6 25
AnyConnect VPN endpoint authentication/validation 4 17
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question