Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
4
Replies

ASA 5510 8.3(1) DMZ nat

Revocatus Kishiwa
Level 1
Level 1

‎11-21-2013 12:52 AM - edited ‎03-11-2019 08:07 PM

Anyone to help me, I want nat my dmz to be able accessed using public ip.

Labels:
0 Helpful
4 Replies 4

Karsten Iwen
VIP
VIP

‎11-21-2013 12:57 AM

first you should upgrade your ASA to a more recent version.

For your NAT you need something like the following if you only have a single IP (assuming the server has to be reachable with HTTPS, has to be adjusted if you need ozher protocols):

object network Server

  host 10.10.10.10

  nat (inside,outside) static interface service tcp 443 443

access-list OUTSIDE-ACCESS-IN extended permit tcp any object Server eq 443

access-group OUTSIDE-ACCESS-IN in interface outside

If you have a dedicated public IP (1.2.3.4 in my example) for that server, the NAT-Statement looks like the following:

object network Server

  nat (inside,outside) static 1.2.3.4

And if you want to learn more about NAT on the ASA, here is the link to the config-guide:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Karsten Iwen

‎11-21-2013 12:12 PM

I found this link to be very helpful when I was transitioning to the 8.3 way of NATing.

https://supportforums.cisco.com/docs/DOC-9129

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎11-21-2013 10:31 PM

Hello,

One of my blog posts that might help as well

http://www.laguiadelnetworking.com/asa-8-3-upgrade-new-features-known-issues-best-practicesetc/

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

jumora
Level 7
Level 7
In response to Julio Carvajal

‎11-22-2013 09:34 PM

Do you need anything else????

Value our effort and rate the assistance!

Value our effort and rate the assistance!
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card