Simple static nat to internal servers

Don Weston
Level 1

I have been trying to configure 2 static NAT rules to allow traffic to pass to an internal server for HTTP and RDP services.

Here is what I currently have working:

interface eth 0/0 "extranet"   IP: 64.xxx.xxx.148

interface eth 0/1 "intranet"    IP  10.xxx.xxx.1

WEB/RDP SERVER           IP  10.xxx.xxx.13

nat-control
global (extranet) 1 interface
nat (intranet) 1 0.0.0.0 0.0.0.0

route extranet 0.0.0.0 0.0.0.0 64.xxx.xxx.145 1
access-group outside_in in interface extranet

access-list outside_in extended permit icmp any any  'for troubleshooting purposes

So far this works fine. I've added variations of access-list/static rule examples I've seen posted to try and create the routing to the internal server, but nothing seems to work.

The server in question does have access going out, and I can access the web and RDP services from internal addresses.

A little nudge in the right direction would be greatly appreciated.

2 Replies

Don Weston
Level 1

Sorry, I should have mentioned I'm running ASA Version 8.0(4) as well.

Jon Marshall
Hall of Fame

Don

If you are presenting the internal web server on its own address -

static (intranet,extranet) 10.xxx.xxx.13 10.xxx.xxx.13 netmask 255.255.255.255

access-list outside_in permit tcp any host 10.xxx.xxx.13 eq http

access-list outside_in permit tcp any host 10.xxx.xxx.13 eq 3389

If you are presenting the web server on a different address, e.g. 64.xxx.xxx.150 -

static (intranet,extranet) 64.xxx.xxx.150 10.xxx.xxx.13 netmask 255.255.255.255

access-list outside_in permit tcp any host 64.xxx.xxx.150 eq http

access-list outside_in permit tcp any host 64.xxx.xxx.150 eq 3389

Jon
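
An added example, not part of the thread and not Cisco tooling: a small Python check for the pre-8.3 rule the reply above relies on, namely that the ACL bound inbound on the outside interface must name the mapped address of a static, not the server's real address. The `audit` function, the sample config and its addresses are constructed for illustration; the check also flags RDP (TCP 3389) permitted from any source.

```python
import re

# Constructed sample in ASA 8.0 (pre-8.3) syntax; the addresses are
# documentation placeholders, not values from the thread.
SAMPLE = """\
static (intranet,extranet) 203.0.113.150 10.0.0.13 netmask 255.255.255.255
access-list outside_in extended permit icmp any any
access-list outside_in permit tcp any host 203.0.113.150 eq http
access-list outside_in permit tcp any host 10.0.0.13 eq 3389
access-group outside_in in interface extranet
"""

STATIC = re.compile(r"^static \((\S+?),(\S+?)\) (\S+) (\S+) netmask 255\.255\.255\.255")
ACE = re.compile(r"^access-list (\S+) (?:extended )?permit tcp "
                 r"(any|host \S+|\S+ \S+) host (\S+) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit(config):
    """Return findings for each host static NAT in a pre-8.3 ASA config."""
    lines = [line.strip() for line in config.splitlines()]
    # interface name -> ACL applied inbound on that interface
    groups = {m.group(2): m.group(1) for m in map(GROUP.match, lines) if m}
    aces = [m.groups() for m in map(ACE.match, lines) if m]
    findings = []
    for m in filter(None, map(STATIC.match, lines)):
        _real_if, mapped_if, mapped_ip, real_ip = m.groups()
        acl = groups.get(mapped_if)
        if acl is None:
            findings.append(f"{mapped_ip}: no access-group bound inbound on {mapped_if}")
            continue
        for name, src, dst, port in aces:
            if name != acl:
                continue
            if dst == real_ip and real_ip != mapped_ip:
                # Before 8.3 the interface ACL sees the mapped address,
                # so an ACE written for the real address never matches.
                findings.append(f"{acl}: ACE for port {port} targets real "
                                f"address {real_ip}, use {mapped_ip}")
            elif dst == mapped_ip and src == "any" and port == "3389":
                findings.append(f"{acl}: RDP on {mapped_ip} is open to any source")
        if not any(n == acl and d == mapped_ip for n, _, d, _ in aces):
            findings.append(f"{mapped_ip}: no permit in {acl} for the mapped address")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
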
