Solved

Cisco ASA NAT rules for different port forwarding

Posted on 2016-08-30
3
59 Views
Last Modified: 2016-10-03
We're running two servers behind a Cisco ASA which need their IIS services published. As there's only one public IP address, one of the two IIS servers needs to be reachable on outside port 444. - In other words:
1.2.3.4:443 (outside) --> 192.168.1.10:443 (inside)
1.2.3.4:444 (outside) --> 192.168.1.11:443 (inside)

What are the right NAT rules?
0
Comment
Question by:zolcer
3 Comments
 
LVL 14

Accepted Solution

by:
SIM50 earned 500 total points
ID: 41776718
Depends on ASA version.
8.2
static (inside,outside) tcp interface 443 192.168.1.10 443 netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.11 443 netmask 255.255.255.255

8.3+
object network obj-192.168.1.10
host 192.168.1.10
nat (inside,outside) static interface service tcp 443 443

object network obj-192.168.1.11
host 192.168.1.11
nat (inside,outside) static interface service tcp 443 444

To verify: sh xlate detail
0
 
LVL 3

Author Closing Comment

by:zolcer
ID: 41776775
... exactly. Thanks!
0
 

Expert Comment

by:discuss120 discuss120
ID: 41826132
Hey,I am working within a network with DMZ and ASA Firewall with which I would like to change anyconnect VPN such that the user with AD credentials can access the servers without first logging in the DNS.Could you advise how I may do within my Firewall?
Thanks!!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now