Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1792
Views
0
Helpful
3
Replies

ASA 8.3 NAT Question

m.hoeschen
Level 1
Level 1

‎03-20-2010 04:30 AM - edited ‎03-11-2019 10:24 AM

Hello,

I hope someone could help me out. I'm trying to figure out how the new NAT is working in 8.3.

Problem:

I have an ASA behind an DSL connection with exact one dynamic external IP (e.g. home office). In my internal network I have two servers one FTP (listening on tcp/21) and another WEB (listening on tcp/80) server. Now I want to make this two servers accessible from the outside (internet). But I can't figure out the right commands...

(external) IP ASA: 217.1.2.3

IP Webserver: 10.1.1.10

IP FTP: 10.1.1.20

Since I have only one static external IP must I use static or dynamic NAT? Could someone post me the right configuration line?

Many thanks for your help,

Markus

Labels:
0 Helpful
3 Replies 3

m.hoeschen
Level 1
Level 1

‎03-20-2010 05:27 AM

I've solved my problem.
It's all about the order... The new more specific rules have to be procecced before my dynamic NAT rule (nat (inside,outside) source dynamic Inside-Company-LAN interface)
The Port translations rules have to be static rules by the way.
Thx,
Markus
0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee

‎03-20-2010 05:28 AM 

object network obj-web-10.1.1.10
   host 10.1.1.10
   nat (inside,outside) static interface service tcp 80 80

object network obj-ftp-10.1.1.20
   host 10.1.1.20
   nat (inside,outside) static interface service tcp 21 21

And remember the normal access-list on the outside interface to allow those traffic.

Hope that helps.



0 Helpful

vilaxmi
Cisco Employee
Cisco Employee
In response to Jennifer Halim

‎03-21-2010 11:37 AM

Hello,

Just to add what Halijenn already informed about the static translation, the inbound ACL in 8.3 code, bound to the outside interface,

should include the Local IP address of host, instead of Public IP address (peculiar of 8.3 code!).

Thank you

Vijaya

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card