• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 122
  • Last Modified:

Cisco ASA NAT rules for different port forwarding

We're running two servers behind a Cisco ASA which need their IIS services published. As there's only one public IP address, one of the two IIS servers needs to be reachable on outside port 444. - In other words:
1.2.3.4:443 (outside) --> 192.168.1.10:443 (inside)
1.2.3.4:444 (outside) --> 192.168.1.11:443 (inside)

What are the right NAT rules?
0
zolcer
Asked:
zolcer
1 Solution
 
SIM50Commented:
Depends on ASA version.
8.2
static (inside,outside) tcp interface 443 192.168.1.10 443 netmask 255.255.255.255
static (inside,outside) tcp interface 444 192.168.1.11 443 netmask 255.255.255.255

8.3+
object network obj-192.168.1.10
host 192.168.1.10
nat (inside,outside) static interface service tcp 443 443

object network obj-192.168.1.11
host 192.168.1.11
nat (inside,outside) static interface service tcp 443 444

To verify: sh xlate detail
0
 
zolcerAuthor Commented:
... exactly. Thanks!
0
 
discuss120 discuss120Commented:
Hey,I am working within a network with DMZ and ASA Firewall with which I would like to change anyconnect VPN such that the user with AD credentials can access the servers without first logging in the DNS.Could you advise how I may do within my Firewall?
Thanks!!
0

Featured Post

Big Data Means Big Business

In data-dependent industries like IT, finance, and healthcare, there’s a growing demand for qualified analysts to fill leadership roles. WGU’s MS in Data Analytics has IT certifications from Oracle and SAS built into its curriculum at a flat fee that could save you money.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now