https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811166#M165733 <P>Hi Haider,</P> <P>In the current configuration we are having a one to one NAT. Here one inside IP is mapped to one public IP. Any outside user can access this IP from outside if it is permitted via ACL.</P> <P>If you have multiple servers inside your netwrok then either we can create multple NAT like above with different map IP or we can create multiple static nat with the same IP using the different port translation. This depends on your requirement, if you do not want the communication via a specifc port then you can create multiple static NAT entries.</P> <P>Please refer&nbsp;</P> <P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_overview.html</P> <P>sample configuration:<BR /> object network obj-10.1.1.16<BR /> host &lt;real IP&gt;<BR /> nat (inside,outside) static 192.168.100.100 service tcp &lt;real port&gt; &lt;mapped port&gt;</P> <P></P> <P>Thanks,<BR />Shivapramod M<BR />Please remember to select a correct answer and rate helpful posts</P> Fri, 27 Nov 2015 01:15:27 GMT Shivapramod M 2015-11-27T01:15:27Z https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811162#M165729 <P>Hi guys,</P> <P></P> <P>I'm trying to start with a basic setup configuration on a 5505 FW version 8.3(1) where I would like for resources to be access from inside to outside, and from outside to inside.</P> <P>In this example i have 2 laptops sat on each interface and I would like to be able to ping, IIS from one to the other and vice versa.</P> <P>I can access (Ping + IIS) remote laptop from inside to outside. However, I cannot access from outside to inside.<BR /><BR />I've tried adding a rule allowing traffic from outside to in. I've also changed the security levels to match. Unfortunatley that didn't work.<BR /><BR />Do I have to look at the NAT to get this working?</P> <P>Your input is much appreciated.<BR /><BR />Config file attached</P> <P></P> <P>Image is attached:</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/inside-out-outside-in_3.png" class="migrated-markup-image" /></P> Tue, 12 Mar 2019 06:56:03 GMT https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811162#M165729 haidar_alm 2019-03-12T06:56:03Z https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811163#M165730 <P>Hi Haider,</P> <P></P> <P>Please configure a static NAT to access this device which is inside your network.</P> <P>object network obj-10.1.1.6<BR /> host &lt;Real IP&gt;<BR /> nat (inside,outside) static&nbsp;&lt;mapped IP&gt;</P> <P>Since you have allowed all the traffic from out to in we do not need any seperate access list to permit the traffic.</P> <P>Thanks,</P> <P>Shivapramod M</P> <P>P.S. Please rate helpful posts.</P> Mon, 23 Nov 2015 15:27:47 GMT https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811163#M165730 Shivapramod M 2015-11-23T15:27:47Z https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811164#M165731 <P>Hi Shivapramod,</P> <P>Many thanks for the helpful reply. This has worked..<BR /><BR />What if I have many servers on both ends and I would like for users from the outside to access servers on the inside and users from the inside to access servers from the outside?</P> Tue, 24 Nov 2015 08:57:06 GMT https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811164#M165731 haidar_alm 2015-11-24T08:57:06Z https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811165#M165732 <P>Hi Shiva,<BR /><BR />Would you be able to answer my second question please rather than me opening a new post if you don't mind?<BR /><BR />This is my NAT statement on the ASA:</P> <P>object network obj-Outside-IP <BR />&nbsp;host x.x.200.110</P> <P><BR />object network obj-Outside-IP<BR /> nat (inside,outside) static x.x.200.155</P> <P>What I'm trying to achieve this time is rather than having one laptop connect to a single laptop is to have many resources on the inside access resources on the outside, and vise versa.. <BR /><BR />Just need confirmation before I plug this one in.<BR /><BR />Many thanks,</P> <P></P> <P></P> <P></P> Thu, 26 Nov 2015 11:31:35 GMT https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811165#M165732 haidar_alm 2015-11-26T11:31:35Z https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811166#M165733 <P>Hi Haider,</P> <P>In the current configuration we are having a one to one NAT. Here one inside IP is mapped to one public IP. Any outside user can access this IP from outside if it is permitted via ACL.</P> <P>If you have multiple servers inside your netwrok then either we can create multple NAT like above with different map IP or we can create multiple static nat with the same IP using the different port translation. This depends on your requirement, if you do not want the communication via a specifc port then you can create multiple static NAT entries.</P> <P>Please refer&nbsp;</P> <P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_overview.html</P> <P>sample configuration:<BR /> object network obj-10.1.1.16<BR /> host &lt;real IP&gt;<BR /> nat (inside,outside) static 192.168.100.100 service tcp &lt;real port&gt; &lt;mapped port&gt;</P> <P></P> <P>Thanks,<BR />Shivapramod M<BR />Please remember to select a correct answer and rate helpful posts</P> Fri, 27 Nov 2015 01:15:27 GMT https://community.cisco.com/t5/network-security/asa-5505-access-from-inside-to-outside-and-outside-to-inside/m-p/2811166#M165733 Shivapramod M 2015-11-27T01:15:27Z