Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5510 8.3(1) DMZ nat

Anyone to help me, I want nat my dmz to be able accessed using public ip.

  • Firewalling
4 REPLIES
VIP Purple

Re: ASA 5510 8.3(1) DMZ nat

first you should upgrade your ASA to a more recent version.

For your NAT you need something like the following if you only have a single IP (assuming the server has to be reachable with HTTPS, has to be adjusted if you need ozher protocols):

object network Server

  host 10.10.10.10

  nat (inside,outside) static interface service tcp 443 443

access-list OUTSIDE-ACCESS-IN extended permit tcp any object Server eq 443

access-group OUTSIDE-ACCESS-IN in interface outside

If you have a dedicated public IP (1.2.3.4 in my example) for that server, the NAT-Statement looks like the following:

object network Server

  nat (inside,outside) static 1.2.3.4

And if you want to learn more about NAT on the ASA, here is the link to the config-guide:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_overview.html

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

-- Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
VIP Green

Re: ASA 5510 8.3(1) DMZ nat

I found this link to be very helpful when I was transitioning to the 8.3 way of NATing.

https://supportforums.cisco.com/docs/DOC-9129

--

Please rate all helpful posts.

-- Please remember to rate and select a correct answer

Re: ASA 5510 8.3(1) DMZ nat

Hello,

One of my blog posts that might help as well

http://www.laguiadelnetworking.com/asa-8-3-upgrade-new-features-known-issues-best-practicesetc/

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
Cisco Employee

ASA 5510 8.3(1) DMZ nat

Do you need anything else????

Value our effort and rate the assistance!

Value our effort and rate the assistance!
237
Views
0
Helpful
4
Replies