Solved

Cisco ASA NAT rules for different port forwarding

Posted on 2016-08-30
3
95 Views
Last Modified: 2016-10-03
We're running two servers behind a Cisco ASA which need their IIS services published. As there's only one public IP address, one of the two IIS servers needs to be reachable on outside port 444. - In other words:
1.2.3.4:443 (outside) --> 192.168.1.10:443 (inside)
1.2.3.4:444 (outside) --> 192.168.1.11:443 (inside)

What are the right NAT rules?
0
Comment
Question by:zolcer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 14

Accepted Solution

by:
SIM50 earned 500 total points
ID: 41776718
Depends on ASA version.
8.2
static (inside,outside) tcp interface 443 192.168.1.10 443 netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.11 443 netmask 255.255.255.255

8.3+
object network obj-192.168.1.10
host 192.168.1.10
nat (inside,outside) static interface service tcp 443 443

object network obj-192.168.1.11
host 192.168.1.11
nat (inside,outside) static interface service tcp 443 444

To verify: sh xlate detail
0
 
LVL 3

Author Closing Comment

by:zolcer
ID: 41776775
... exactly. Thanks!
0
 

Expert Comment

by:discuss120 discuss120
ID: 41826132
Hey,I am working within a network with DMZ and ASA Firewall with which I would like to change anyconnect VPN such that the user with AD credentials can access the servers without first logging in the DNS.Could you advise how I may do within my Firewall?
Thanks!!
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question