I am new to Cisco firewalls and would like to know what is the best practice for creating an external IP address and port into my network and then redirecting that to a specific machine. I am thinking of using a global IP address and then only allowing this type of traffic to talk to the specific destination and on that specific port. Is this the correct course of action? Or is there a better or more efficient way of allowing this process using ASDM.
Basically, when you are attempting to allow traffic from the external public network to some of your servers/hosts, you will use either Static NAT or Static PAT.
Static NAT is when you bind a single public IP address to be used by only one internal host. This is usually the preferred option if you can spare a single public IP address for your server, meaning you probably have a small public subnet from your ISP.
Static PAT is when you only allocate certain ports on your public IP address and map them to a local port on the host. This is usually the option when you only have a single public IP address that is configured on your ASA's external interface, or perhaps in a situation when you just want to conserve your public IP addresses even though you might have a few of them.
In the Static NAT case you configure the Static NAT and use the interface ACL to allow the services you require.
In Static PAT you only create a translation for a specific port/service so only connections to that port are possible. Naturally you will also have to allow those services/ports in the interface ACL just like with Static NAT.
Again if you can spare the public IP addresses then I would go with Static NAT or if you only have a single or few IP addresses you can consider Static PAT (Port Forward) also.
I don't personally use ASDM for configurations but can help you with the required CLI format configurations. These can actually be done through ASDM also, from the Tools -> Command Line Interface menu at the top.
This would have to be done for each port you need forwarded with Static PAT. The above example is for "tcp"; it might just as well be "udp".
The above example has the interfaces "inside" and "outside" as they are the most typical ones used. If the interfaces are named differently in your case then you would need to enter the internal interface's name instead of "inside" and the external interface's name instead of "outside".
Naturally, if you can provide the requirements on what you need to configure then it will be easier to help you.
You can for example get the complete firewall configuration by doing the following
Go to the ASDM
Go to Tools -menu
Go to Command Line Interface
Enter the command "show run" and send the command to the device. This should provide the current configuration in the ASDM window where you entered the above command.
Naturally, don't share any public IP address information in the actual post or any other sensitive information.
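To make the two options concrete, here is an added example of the ASA CLI form of both approaches (this is not the answerer's configuration and not the missing example referenced above). It assumes post-8.3 NAT syntax, interfaces named "inside" and "outside", and placeholder addresses: 10.1.1.10 for the internal web server and 203.0.113.10 for a spare public IP. The two options are alternatives; configure one of them for a given host, not both.

```cisco
! Added example, not from the original post. Assumes ASA 8.3+ NAT syntax,
! interfaces named "inside" and "outside". Addresses are placeholders:
! 10.1.1.10 = internal server, 203.0.113.10 = spare public IP.

! --- Option 1: Static NAT (one dedicated public IP for one host) ---
object network WEB-SERVER
 host 10.1.1.10
 nat (inside,outside) static 203.0.113.10
! The one-to-one NAT translates every port of the host; the interface ACL
! is what limits exposure to the services actually required (post-8.3 ACLs
! reference the real/internal address, so the object is used here).
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER eq 443

! --- Option 2: Static PAT (port forward on the outside interface IP) ---
object network WEB-SERVER-443
 host 10.1.1.10
 nat (inside,outside) static interface service tcp 443 443
! Only TCP/443 is translated, but the ACL must still permit it.
! Repeat the object/nat pair for each additional port (or use udp).
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER-443 eq 443

! Apply the ACL inbound on the outside interface. Everything not listed is
! dropped by the implicit deny at the end of the ACL.
access-group OUTSIDE-IN in interface outside

! Verify the translation and the hit counts on the permit lines:
! show nat detail
! show access-list OUTSIDE-IN
```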