10-26-2011 08:42 AM - edited 03-11-2019 02:42 PM
Hi All,
I worked on ASAs previously, many versions ago. This new 8.4 IOS is kind of throwing me for a loop. Also, I have been out of firewalling for some time and am trying to get back into the swing of things. So anyway, basically I am just trying to publish OWA on a specific IP address. This is what I have right now as my NAT:
nat (outside,inside) source dynamic any <real IP> destination static OWA_Server OWA_Server service https https
This is a new box with no real world network behind it, so I cannot test but when I do a packet trace I see:
Dynamic translate <real random IP>/4444 to <real IP>/27953
What concerns me in the translation is the port numbers. Am I looking at the wrong thing? Or am I just doing this completely wrong?
TIA,
R
10-26-2011 10:47 AM
Hi,
look at this:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_objects.html#wp1106703
Regards.
Alain.
10-26-2011 12:19 PM
Hi R,
What I understand is that you are trying to publish your OWA server to the outside world on port 443. The NAT that you have is not actually correct; let me explain:
Let's say the public IP of the OWA server is 1.1.1.1
and the private IP is 10.1.1.1
then:
object network OWA_public
 host 1.1.1.1
object network OWA_real
 host 10.1.1.1
object service tcp_https
 service tcp destination eq 443
nat (outside,inside) source static any any destination static OWA_public OWA_real service tcp_https tcp_https
Let me know if you have any questions regarding the above
Thanks,
Varun
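For comparison with the twice-NAT rule in the reply above, the same HTTPS publication can be written as network object NAT with a matching inbound ACL and a packet-tracer check. This is an added example, not part of the original thread; it reuses the reply's sample addresses 1.1.1.1 and 10.1.1.1, and the names OWA_srv and OUTSIDE_IN and the test client 198.51.100.25 are assumptions.

```cisco
! Added example: object (auto) NAT form of the static port translation above.
! Use this or the twice-NAT rule, not both. OWA_srv and OUTSIDE_IN are
! hypothetical names; 1.1.1.1 / 10.1.1.1 are the reply's sample addresses.
! Only TCP/443 on the public address is mapped to the server.
object network OWA_srv
 host 10.1.1.1
 nat (inside,outside) static 1.1.1.1 service tcp https https
!
! From 8.3 onward, interface ACLs match the real (untranslated) address,
! so the permit names 10.1.1.1, not 1.1.1.1.
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.1 eq https
access-group OUTSIDE_IN in interface outside
!
! Verify with a simulated inbound client (198.51.100.25 is a constructed
! test address). The source port (4444) is only the client's ephemeral
! port; the value to check is the destination, which should be
! untranslated from 1.1.1.1/443 to 10.1.1.1/443.
packet-tracer input outside tcp 198.51.100.25 4444 1.1.1.1 443
show nat detail
```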
10-26-2011 12:56 PM
I see now I should be using a static NAT, but the usage is still a little confusing to me.
When I enter the above and then do a packet trace on it, I see the following:
static translate
which doesn't seem to make sense as to what I am after. Am I looking at the packet tracer wrong?
Thanks for your help.