Solved

Cisco 8.4 Nat

Posted on 2014-02-25
4
410 Views
Last Modified: 2014-03-01
Hi guys, I have an ASA 5505 here running 8.4.

Now i gave the outside interface a x.x.x.163 outside

I want all inet traffic to be natted out to .165 going out

Also need to nat 166 coming inbound to my lan to server 192.168.1.2 on ports 443, 80

Please help me with this.

Thanks!
0
Comment
Question by:Cobra25
  • 2
  • 2
4 Comments
 
LVL 4

Author Comment

by:Cobra25
ID: 39887961
No one?
0
 
LVL 9

Accepted Solution

by:
ffleisma earned 500 total points
ID: 39888671
for the DMZ

object network obj_DMZ_Server1_internal_IP
 host a.a.a.a
!
object network obj_DMZ_Server1_external_IP
 host x.x.x.166

nat (dmz,outside) source static obj_DMZ_Server1_internal_IP obj_DMZ_Server1_external_IP


where a.a.a.a is the internal IP. please do note you'll have to place ACL on the outside interface

access-list outside_access_in extended permit tcp any host a.a.a.a eq https
access-list outside_access_in extended permit tcp any host a.a.a.a eq www


notice the ACl applies to the internal IP, this is because UN-NAT applies before the ACL.


for internet traffic going out NATed to x.x.x.165

object network obj_outside_x.x.x.165
 host x.x.x.165
!
nat (inside,outside) 1 source dynamic any obj_outside_x.x.x.165


And of lastly you'll need ACL on the inside interface to allow http/https traffic going out.


let me know if this helps
0
 
LVL 4

Author Comment

by:Cobra25
ID: 39894140
Don't have a DMZ

But i get your point..
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 39894482
for servers being accessed from the outside, considering redesigning and putting it in a dmz. primarily if these published servers are compromised (hacked, infected, attacked DDoS) then it can impact the entire internal network without anything else in between it to stop access.

in case of dmz, this serves the purpose that you limit the following:

1. access from outside to dmz
2. dmz access to internal
3. internal access to dmz

this creates a more secure environment.

but again, every company has their requirements and design, so i wont meddle much on your current setup, just hope to provide insights.

hope this helps and previous configuration work and applied for your requirement.

let me know how if i can be of further help
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Radius ASA Authentication Failed 4 72
Cisco 1811W VLAN configuration problem 3 29
New firewall implementation guidance 12 61
How to setup 3 isps on a redundant mode? 3 29
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question