https://community.cisco.com/t5/network-security/nat-query/m-p/3681752#M14288 Dear Dennis,<BR />I didnt understood fully. can you please elaborate more please.?<BR /><BR /> Mon, 06 Aug 2018 06:29:00 GMT rocky2024 2018-08-06T06:29:00Z https://community.cisco.com/t5/network-security/nat-query/m-p/3681505#M14279 <P>Dear All,</P> <P>&nbsp;</P> <P>Please guide me on below query</P> <P>&nbsp;</P> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Server 10.1.1.1</P> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; |</P> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | dmz</P> <P>R3-----outside----ASA-inside--------PC-B</P> <P>Internet&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; |</P> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;|</P> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;|</P> <P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;server</P> <P>&nbsp;</P> <P>in above scenario, i am configuring object-nat to nat traffic from server 10.1.1.1 with outside interface to go to internet but why we need to permit real server IP 10.1.1.1 in ACL on outside interface ?</P> <P>&nbsp;</P> <P>object network REAL-SERVER</P> <P><STRONG>&nbsp; host 10.1.1.1</STRONG></P> <P>&nbsp; &nbsp; nat (DMZ,OUTSIDE)&nbsp;static 97.1.1.1&nbsp;service tcp https https</P> <P>&nbsp;</P> <P><STRONG>access-list OUTSIDE-IN permit tcp any&nbsp;object REAL-SERVER eq 443</STRONG></P> <P>access-group&nbsp;<SPAN>OUTSIDE-IN in interface <STRONG>OUTSIDE</STRONG></SPAN></P> <P>&nbsp;</P> <P><SPAN>why we need to permit above statement where we are defining real ip address for server ?&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>regards,</SPAN></P> Fri, 21 Feb 2020 16:03:32 GMT https://community.cisco.com/t5/network-security/nat-query/m-p/3681505#M14279 rocky2024 2020-02-21T16:03:32Z https://community.cisco.com/t5/network-security/nat-query/m-p/3681600#M14283 <P>because your NAT will be processed before an ACL will be processed</P> Mon, 06 Aug 2018 00:35:56 GMT https://community.cisco.com/t5/network-security/nat-query/m-p/3681600#M14283 Dennis Mink 2018-08-06T00:35:56Z https://community.cisco.com/t5/network-security/nat-query/m-p/3681752#M14288 Dear Dennis,<BR />I didnt understood fully. can you please elaborate more please.?<BR /><BR /> Mon, 06 Aug 2018 06:29:00 GMT https://community.cisco.com/t5/network-security/nat-query/m-p/3681752#M14288 rocky2024 2018-08-06T06:29:00Z