Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Inbound NAT on ASA 8.4

I am trying to setup an inbound NAT on an ASA5510 running 8.4 code.

Can someone verify my steps?

object network obj-192.168.1.2

host 192.168.1.2  (internal web server)

object network NAT-external IP

host ** external IP **

object network NAT-external IP

nat (outside,inside) static 192.168.1.2 service tcp https https

access-list outside_access_in extended permit tcp any host 10.2.0.10 eq https

This seems to be setup now?

sh nat

2 (outside) to (inside) source static NAT-*.*.*.*  192.168.1.2   service tcp https https

    translate_hits = 0, untranslate_hits = 0

sh access-l

access-list outside_access_in line 2 extended permit tcp any host 192.168.1.2 eq https (hitcnt=27) 0x59383a04

When I try to connect to the external IP using https I get hits on the access list, however the nat translate hits do not go up?

Do I need to allow the 192.168.1.2 server back out again?

Any help appreciated

Thanks

Roger

Everyone's tags (5)
1 REPLY

Inbound NAT on ASA 8.4

     Hello Roger,

The only problem is this:

object network NAT-external IP

nat (outside,inside) static 192.168.1.2 service tcp https http

Please remove that nat and do the following

object service tcp-443

service tcp source eq 443

exit

nat (inside,outside) source static obj-192.168.1.2   NAT-external IP service tcp-443 service tcp-443

Regards,

Rate all the helpful posts

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
1895
Views
0
Helpful
1
Replies