DNAT

jonk34567 — Tue, 04 Feb 2020 17:32:45 GMT

I need to configure DNAT in cisco asa. my servers in DMZ should be accessed from internet. Can anyone explain me the steps along with commands or asdm screenshots.

Re: DNAT

Sergey Lisitsin — Tue, 04 Feb 2020 17:51:07 GMT

jonk34567,

It would help if you could post your interface and object configuration first. Then we can guide you through the necessary steps to enable NAT.

Re: DNAT

Muhammad Awais Khan — Tue, 04 Feb 2020 17:53:52 GMT

Hi,

Configuration will depends on whether you have extra public ip address available for every server or you will configure port forwarding on the outside interface of firewall. Let me put example for scenario if you have public IP available

1) if you have dedicated public IP available

object network webserver-external-ip
 host 198.51.100.101
!
object network webserver
 host 192.168.1.100
 nat (dmz,outside) static webserver-external-ip service tcp www www

Further, you need told traffic to above webserver on the outside interface using ACL:

access-list outside_acl extended permit tcp any object webserver eq www
!
access-group outside_acl in interface outside

Reference for config examples:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html

topic Re: DNAT in Network Security

DNAT

Re: DNAT

Re: DNAT