Cisco 8.4 Nat

Hi guys, I have an ASA 5505 here running 8.4.

Now i gave the outside interface a x.x.x.163 outside

I want all inet traffic to be natted out to .165 going out

Also need to nat 166 coming inbound to my lan to server 192.168.1.2 on ports 443, 80

Please help me with this.

Thanks!
LVL 4
Cobra25Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
ffleismaConnect With a Mentor Senior Network EngineerCommented:
for the DMZ

object network obj_DMZ_Server1_internal_IP
 host a.a.a.a
!
object network obj_DMZ_Server1_external_IP
 host x.x.x.166

nat (dmz,outside) source static obj_DMZ_Server1_internal_IP obj_DMZ_Server1_external_IP


where a.a.a.a is the internal IP. please do note you'll have to place ACL on the outside interface

access-list outside_access_in extended permit tcp any host a.a.a.a eq https
access-list outside_access_in extended permit tcp any host a.a.a.a eq www


notice the ACl applies to the internal IP, this is because UN-NAT applies before the ACL.


for internet traffic going out NATed to x.x.x.165

object network obj_outside_x.x.x.165
 host x.x.x.165
!
nat (inside,outside) 1 source dynamic any obj_outside_x.x.x.165


And of lastly you'll need ACL on the inside interface to allow http/https traffic going out.


let me know if this helps
0
 
Cobra25Author Commented:
No one?
0
 
Cobra25Author Commented:
Don't have a DMZ

But i get your point..
0
 
ffleismaSenior Network EngineerCommented:
for servers being accessed from the outside, considering redesigning and putting it in a dmz. primarily if these published servers are compromised (hacked, infected, attacked DDoS) then it can impact the entire internal network without anything else in between it to stop access.

in case of dmz, this serves the purpose that you limit the following:

1. access from outside to dmz
2. dmz access to internal
3. internal access to dmz

this creates a more secure environment.

but again, every company has their requirements and design, so i wont meddle much on your current setup, just hope to provide insights.

hope this helps and previous configuration work and applied for your requirement.

let me know how if i can be of further help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.