11-21-2013 12:52 AM - edited 03-11-2019 08:07 PM
Anyone to help me, I want nat my dmz to be able accessed using public ip.
11-21-2013 12:57 AM
first you should upgrade your ASA to a more recent version.
For your NAT you need something like the following if you only have a single IP (assuming the server has to be reachable with HTTPS, has to be adjusted if you need ozher protocols):
object network Server
host 10.10.10.10
nat (inside,outside) static interface service tcp 443 443
access-list OUTSIDE-ACCESS-IN extended permit tcp any object Server eq 443
access-group OUTSIDE-ACCESS-IN in interface outside
If you have a dedicated public IP (1.2.3.4 in my example) for that server, the NAT-Statement looks like the following:
object network Server
nat (inside,outside) static 1.2.3.4
And if you want to learn more about NAT on the ASA, here is the link to the config-guide:
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
11-21-2013 12:12 PM
I found this link to be very helpful when I was transitioning to the 8.3 way of NATing.
https://supportforums.cisco.com/docs/DOC-9129
--
Please rate all helpful posts.
11-21-2013 10:31 PM
Hello,
One of my blog posts that might help as well
http://www.laguiadelnetworking.com/asa-8-3-upgrade-new-features-known-issues-best-practicesetc/
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
11-22-2013 09:34 PM
Do you need anything else????
Value our effort and rate the assistance!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: