07-27-2016 07:01 PM - edited 03-07-2019 12:17 AM
Hi everyone
Im new in Cisco environment and currently im trying to allow my server to public ip.
Our server are connecting to C4506-E > ASA 5455 > Peplink Balance 580
For peplink, all the configuration are correct as NAT mapping are straightforward.
I also have try 1-on-1 NAT at ASA 5545 however it still failed to translate to public ip.
Below are the ASA configuration i've done so far.
=======================================
object network SERVER_1
host 192.168.xxx.xx (internal ip)
-----
access-list outside_access_in extended permit tcp any object SERVER_1 eq www
----
nat (inside,dome) static 1.x.xxx.xx.x (public ip)
object network SERVER_1
object network SERVER_1wan
=======================================
Thanks for help.
07-27-2016 10:48 PM
07-28-2016 01:34 AM
Hi Luke
my private ip are 1.9.214.61
I wish to do 1on1 nat between the server and outside interface.
ASA Version 9.1(2)
Thanks.
07-29-2016 03:02 PM
1. Create: An object group with the internal host defined, static NAT statement, and the access control list permitting the type of traffic the NAT statement is setup for.
object network WebServer1
host 1.9.214.61
nat (inside,dome) static interface service tcp 80 80
access-list WebServer1-Outside-Access-In permit tcp any host 1.9.214.61 eq 80
exit
access-group WebServer1-Outside-Access-In in interface dome
07-31-2016 05:51 PM
Hi Luke
I will try to do ammend the configuration and will let you know if the configuration is correct.
Thanks for the help btw :)
08-02-2016 09:40 PM
I have tried to configured as you guide lukeoxley and when im trying to do packet tracer it show as attached.
The server are connecting to our core switch 4506-e
08-03-2016 01:13 AM
Hi,
As I understand the scenario you want to access the server(dome) from outside (internet). Then try to what's I mentioned in my previous post.
Thanks
08-03-2016 02:24 PM
Please rate helpful posts and mark correct answers.
08-03-2016 02:24 PM
Hi Luke;
I don’t want to argue with you, instead of pointing please understand the issue before giving suggestion. May be 7days old post (rleave001 replay to your post) will help you to understand the issue?
And best of luck to resolve this issue.
Thanks & Best regards;
08-03-2016 02:56 PM
07-29-2016 03:31 PM
Hi;
To configure the NAT on ASA firewall, so outside world can access your server in DMZ (dome) area.
Step 1: Create a network object for the Dome Server:
hostname(config)# object network Dome_SRV1
Step 2: Define the server address:
hostname(config-network-object)# host 1.9.214.61
Step 3: Configure static NAT for the object:
hostname(config-network-object)# nat (dome,wan) static X.X.X.X (Public IP address).
Once nat is configured properly then you need to allow the traffic on you WAN interface:
access-list outside_access_in extended permit tcp any object Dome_SRV1 eq www
access-group outside_access_in in interface wan
Thanks & Best regards.
07-29-2016 03:45 PM
07-29-2016 04:09 PM
Hi Luke;
Please review the requirement;
Point #1 - we have 3 interface inside,wan and dome.
Point #2 - 1 of them is Dome and we trying to use dome for server purposes only.
Point #3 - To do 1on1 nat between the server and outside interface.
Now which configure is reflecting the requirement.
Thanks & Best regards;
07-29-2016 04:22 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: