Solved

Cisco ASA NAT rules for different port forwarding

Posted on 2016-08-30
3
83 Views
Last Modified: 2016-10-03
We're running two servers behind a Cisco ASA which need their IIS services published. As there's only one public IP address, one of the two IIS servers needs to be reachable on outside port 444. - In other words:
1.2.3.4:443 (outside) --> 192.168.1.10:443 (inside)
1.2.3.4:444 (outside) --> 192.168.1.11:443 (inside)

What are the right NAT rules?
0
Comment
Question by:zolcer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 14

Accepted Solution

by:
SIM50 earned 500 total points
ID: 41776718
Depends on ASA version.
8.2
static (inside,outside) tcp interface 443 192.168.1.10 443 netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.11 443 netmask 255.255.255.255

8.3+
object network obj-192.168.1.10
host 192.168.1.10
nat (inside,outside) static interface service tcp 443 443

object network obj-192.168.1.11
host 192.168.1.11
nat (inside,outside) static interface service tcp 443 444

To verify: sh xlate detail
0
 
LVL 3

Author Closing Comment

by:zolcer
ID: 41776775
... exactly. Thanks!
0
 

Expert Comment

by:discuss120 discuss120
ID: 41826132
Hey,I am working within a network with DMZ and ASA Firewall with which I would like to change anyconnect VPN such that the user with AD credentials can access the servers without first logging in the DNS.Could you advise how I may do within my Firewall?
Thanks!!
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question