Solved: create static nat rule cli

tolinrome tolinrome · ‎01-09-2014

I need to create a static nat rule that allows outside requests to the inside interface using http. I also need to create an access rule for this. Can someone please explain and show me the command I need to use in asa 5500 firewall version 9.x?

Thanks!

Jouni Forss · ‎01-09-2014

Hi,

Do you mean that you want to create Static NAT rule where the local IP address is the actual IP address of the ASA "inside" interface?

If so then that is not possible. You wont be able to connect to the "inside" interface through another interface even when using NAT configuration.

You would have to use VPN connection to be able to connect to the "inside" interface IP address.

Otherwise you will need to connect to the ASA with using the "outside" interface IP address.

If you meant that you want to configure Static NAT for some internal host then the configuration format would be

object network STATIC

host

nat (inside,outside) static

Hope this helps

- Jouni

View solution in original post

Jouni Forss · ‎01-09-2014

Hi,

Do you mean that you want to create Static NAT rule where the local IP address is the actual IP address of the ASA "inside" interface?

If so then that is not possible. You wont be able to connect to the "inside" interface through another interface even when using NAT configuration.

You would have to use VPN connection to be able to connect to the "inside" interface IP address.

Otherwise you will need to connect to the ASA with using the "outside" interface IP address.

If you meant that you want to configure Static NAT for some internal host then the configuration format would be

object network STATIC

host

nat (inside,outside) static

Hope this helps

- Jouni

tolinrome tolinrome · ‎01-09-2014

Thanks, that did it.

object network STATIC

host

nat (inside,outside) static