Solved

Cisco 8.4 Nat

Posted on 2014-02-25
4
419 Views
Last Modified: 2014-03-01
Hi guys, I have an ASA 5505 here running 8.4.

Now i gave the outside interface a x.x.x.163 outside

I want all inet traffic to be natted out to .165 going out

Also need to nat 166 coming inbound to my lan to server 192.168.1.2 on ports 443, 80

Please help me with this.

Thanks!
0
Comment
Question by:Cobra25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 4

Author Comment

by:Cobra25
ID: 39887961
No one?
0
 
LVL 9

Accepted Solution

by:
ffleisma earned 500 total points
ID: 39888671
for the DMZ

object network obj_DMZ_Server1_internal_IP
 host a.a.a.a
!
object network obj_DMZ_Server1_external_IP
 host x.x.x.166

nat (dmz,outside) source static obj_DMZ_Server1_internal_IP obj_DMZ_Server1_external_IP


where a.a.a.a is the internal IP. please do note you'll have to place ACL on the outside interface

access-list outside_access_in extended permit tcp any host a.a.a.a eq https
access-list outside_access_in extended permit tcp any host a.a.a.a eq www


notice the ACl applies to the internal IP, this is because UN-NAT applies before the ACL.


for internet traffic going out NATed to x.x.x.165

object network obj_outside_x.x.x.165
 host x.x.x.165
!
nat (inside,outside) 1 source dynamic any obj_outside_x.x.x.165


And of lastly you'll need ACL on the inside interface to allow http/https traffic going out.


let me know if this helps
0
 
LVL 4

Author Comment

by:Cobra25
ID: 39894140
Don't have a DMZ

But i get your point..
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 39894482
for servers being accessed from the outside, considering redesigning and putting it in a dmz. primarily if these published servers are compromised (hacked, infected, attacked DDoS) then it can impact the entire internal network without anything else in between it to stop access.

in case of dmz, this serves the purpose that you limit the following:

1. access from outside to dmz
2. dmz access to internal
3. internal access to dmz

this creates a more secure environment.

but again, every company has their requirements and design, so i wont meddle much on your current setup, just hope to provide insights.

hope this helps and previous configuration work and applied for your requirement.

let me know how if i can be of further help
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question