03-20-2010 04:30 AM - edited 03-11-2019 10:24 AM
Hello,
I hope someone could help me out. I'm trying to figure out how the new NAT is working in 8.3.
Problem:
I have an ASA behind an DSL connection with exact one dynamic external IP (e.g. home office). In my internal network I have two servers one FTP (listening on tcp/21) and another WEB (listening on tcp/80) server. Now I want to make this two servers accessible from the outside (internet). But I can't figure out the right commands...
(external) IP ASA: 217.1.2.3
IP Webserver: 10.1.1.10
IP FTP: 10.1.1.20
Since I have only one static external IP must I use static or dynamic NAT? Could someone post me the right configuration line?
Many thanks for your help,
Markus
03-20-2010 05:27 AM
03-20-2010 05:28 AM
object network obj-web-10.1.1.10
host 10.1.1.10
nat (inside,outside) static interface service tcp 80 80
object network obj-ftp-10.1.1.20
host 10.1.1.20
nat (inside,outside) static interface service tcp 21 21
And remember the normal access-list on the outside interface to allow those traffic.
Hope that helps.
03-21-2010 11:37 AM
Hello,
Just to add what Halijenn already informed about the static translation, the inbound ACL in 8.3 code, bound to the outside interface,
should include the Local IP address of host, instead of Public IP address (peculiar of 8.3 code!).
Thank you
Vijaya
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: