https://community.cisco.com/t5/network-security/nat-one-to-one-on-asa/m-p/3090961#M133872 <P>Hello,</P> <P>I&nbsp;have a Cisco ASA on my network edge. I have INSIDE, DMZ and OUTSIDE.&nbsp;</P> <P>There is a PAT rule for inside LAN users:</P> <P>nat (inside,outside) source dynamic Users_LAN interface</P> <P></P> <P>Now I have installed a Web server in DMZ and I have a second public address I want to dedicate to the web server.</P> <P>How can I configure a one-to-one NAT between the private and the public address of the server?</P> <P></P> <P>Note: I do not have access to ASDM and I am using CLI.</P> Tue, 12 Mar 2019 09:43:19 GMT fabflorent 2019-03-12T09:43:19Z https://community.cisco.com/t5/network-security/nat-one-to-one-on-asa/m-p/3090961#M133872 <P>Hello,</P> <P>I&nbsp;have a Cisco ASA on my network edge. I have INSIDE, DMZ and OUTSIDE.&nbsp;</P> <P>There is a PAT rule for inside LAN users:</P> <P>nat (inside,outside) source dynamic Users_LAN interface</P> <P></P> <P>Now I have installed a Web server in DMZ and I have a second public address I want to dedicate to the web server.</P> <P>How can I configure a one-to-one NAT between the private and the public address of the server?</P> <P></P> <P>Note: I do not have access to ASDM and I am using CLI.</P> Tue, 12 Mar 2019 09:43:19 GMT https://community.cisco.com/t5/network-security/nat-one-to-one-on-asa/m-p/3090961#M133872 fabflorent 2019-03-12T09:43:19Z https://community.cisco.com/t5/network-security/nat-one-to-one-on-asa/m-p/3090962#M133877 <P>Hi,</P> <P></P> <P>You can use the following NAT:</P> <P></P> <P>ASA (config) #object network obj-real-IP</P> <P>host 10.x<G class="gr_ gr_204 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling" id="204" data-gr-id="204">.x</G>.x</P> <P>nat (inside,outside) static&nbsp;&lt;public IP&gt;</P> <P></P> <P>You would require an Access list on the outside interface to allow traffic <G class="gr_ gr_278 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar multiReplace" id="278" data-gr-id="278">for</G> the DMZ server.</P> <P></P> <P class="p1"><SPAN class="s1">Regards,</SPAN></P> <P class="p2"><SPAN class="s1"></SPAN></P> <P class="p1"><SPAN class="s1">Aditya</SPAN></P> <P class="p1"><SPAN class="s1">Please rate helpful and mark correct answers</SPAN></P> Fri, 21 Jul 2017 08:28:38 GMT https://community.cisco.com/t5/network-security/nat-one-to-one-on-asa/m-p/3090962#M133877 Aditya Ganjoo 2017-07-21T08:28:38Z https://community.cisco.com/t5/network-security/nat-one-to-one-on-asa/m-p/3090963#M133880 <P>Thank you&nbsp;<SPAN>Aditya,&nbsp;</SPAN></P> <P><SPAN>But it does not work.&nbsp;</SPAN></P> <P><SPAN>My Web server still have no access to outside internet</SPAN></P> <P><SPAN></SPAN></P> Fri, 21 Jul 2017 09:29:53 GMT https://community.cisco.com/t5/network-security/nat-one-to-one-on-asa/m-p/3090963#M133880 fabflorent 2017-07-21T09:29:53Z https://community.cisco.com/t5/network-security/nat-one-to-one-on-asa/m-p/3090964#M133886 <P>Hi,</P> <P></P> <P>Please share the output of packet tracer from the ASA.</P> <P></P> <P class="p1"><SPAN class="s1">Regards,</SPAN></P> <P class="p2"><SPAN class="s1"></SPAN></P> <P class="p1"><SPAN class="s1">Aditya</SPAN></P> <P class="p1"><SPAN class="s1">Please rate helpful and mark correct answers</SPAN></P> Fri, 21 Jul 2017 09:32:32 GMT https://community.cisco.com/t5/network-security/nat-one-to-one-on-asa/m-p/3090964#M133886 Aditya Ganjoo 2017-07-21T09:32:32Z