Cisco ASA5510 9.x code, ASDM understanding issues
Posted on 2014-08-18
I am having some major angst with the new cisco 9.x nat rules and asdm interface and can not figure out what to do. I have been trying everything under the sun to get it to work. I understood it completely in the 8.x stuff, but the 9.x is just confusing me with everything they are needing. Please stay with me on this, I'll do my best to describe it.
First, a few setup things.
Internal Network is 10.30.x.x/16 (port0)
DMZ Network is 10.31.0.0 /21 (port3)
External Network is 18.104.22.168 /24 (port1) (not the real numbers but something real for explanation)
I have 1 host in the internal network
That I want to get to a host on the DMZ network (10.31.0.21) on port 1180. In other words, Internally from any port and any ip to port 1180 on the 10.31.0.21 host.
Seems simple enough and should be able to route to it, with access rules. However, with packet tracer, it says that a NAT rule is preventing this from happening....which then makes me think I have my NAT rules hosed up.
I would like to static, one to one nat 22.214.171.124 from the outside to 10.31.0.21 on the DMZ Seems fairly simple....I think, but I am being asked all kinds of questions .
I think I want a "Network Object" NAT rule, and not one of those NAT RULES with all of the Match rules and translated packets. This is where I am TOTALLY lost.
From the outside I want to open up ssh, ftp, ftp-data, http, https, 990, and a few others..... I believe these use to be DMZ INCOMING rules....., but now I think they are Outside incoming rules. Okay.....do I use the OUTSIDE address of 126.96.36.199, or do I use the translated address of 10.31.0.21?
Totally confused trying to do something that was so simple in pre 9.x days.