ASA 8.3 NAT Question

Mar 20th, 2010

Hello,

I hope someone could help me out. I'm trying to figure out how the new NAT is working in 8.3.

Problem:

I have an ASA behind a DSL connection with exactly one dynamic external IP (e.g. home office). In my internal network I have two servers, one FTP (listening on tcp/21) and another WEB (listening on tcp/80) server. Now I want to make these two servers accessible from the outside (internet). But I can't figure out the right commands...

(external) IP ASA: 217.1.2.3

IP Webserver: 10.1.1.10

IP FTP: 10.1.1.20

Since I have only one static external IP must I use static or dynamic NAT? Could someone post me the right configuration line?

Many thanks for your help,

Markus

m.hoeschen Sat, 03/20/2010 - 05:27
I've solved my problem.
It's all about the order... The new, more specific rules have to be processed before my dynamic NAT rule (nat (inside,outside) source dynamic Inside-Company-LAN interface)
The port translation rules have to be static rules, by the way.
Thx,
Markus
Jennifer Halim Sat, 03/20/2010 - 05:28
object network obj-web-10.1.1.10
   host 10.1.1.10
   nat (inside,outside) static interface service tcp 80 80

object network obj-ftp-10.1.1.20
   host 10.1.1.20
   nat (inside,outside) static interface service tcp 21 21

And remember the normal access-list on the outside interface to allow that traffic.

Hope that helps.



vilaxmi Sun, 03/21/2010 - 11:37

Hello,

Just to add to what Halijenn already said about the static translation: the inbound ACL in 8.3 code, bound to the outside interface, should include the local IP address of the host instead of the public IP address (peculiar to 8.3 code!).

Thank you

Vijaya
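
The replies in this thread combined into one configuration, as an added example that is not any poster's own config: static port translations, the dynamic PAT rule ordered after them, and an outside ACL that permits the real (local) addresses. The 10.1.1.0/24 subnet for Inside-Company-LAN, the ACL name outside_access_in and the use of after-auto to get the ordering are assumptions.

```cisco
! Added example. Addresses and object names come from the thread;
! the subnet mask, the ACL name and the after-auto placement are assumptions.
!
! Static port translations (object NAT, section 2 of the NAT table).
object network obj-web-10.1.1.10
 host 10.1.1.10
 nat (inside,outside) static interface service tcp 80 80
!
object network obj-ftp-10.1.1.20
 host 10.1.1.20
 nat (inside,outside) static interface service tcp 21 21
!
! Inside LAN object used by the outbound PAT rule (10.1.1.0/24 is assumed).
object network Inside-Company-LAN
 subnet 10.1.1.0 255.255.255.0
!
! Without after-auto this manual rule sits in section 1 and is evaluated
! before the object NAT rules above. after-auto moves it to section 3,
! so the more specific static rules are processed first.
nat (inside,outside) after-auto source dynamic Inside-Company-LAN interface
!
! Inbound ACL on the outside interface. In 8.3 the entries match the
! real (local) host addresses, not the public address. Only the two
! published ports are permitted.
access-list outside_access_in extended permit tcp any host 10.1.1.10 eq 80
access-list outside_access_in extended permit tcp any host 10.1.1.20 eq 21
access-group outside_access_in in interface outside
```

`show nat` lists the rules by section, which confirms the processing order, and `show access-list outside_access_in` shows hit counts for the two permit entries.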
