help with 8.4 natting

rhltechie · ‎10-26-2011

Hi All,

I worked on ASAs previoulsy, many version ago. This new 8.4 IOS is kind of throwing me for a loop. Also I have been out of firewalling for some time and trying to get back into the swing of things. So anyway, basically I am just trying to publish OWA on a specific ip address. this is what I have right now as my nat

nat (outside,inside) source dynamic any <real IP> destination static OWA_Server OWA_Server service https https

This is a new box with no real world network behind it, so I cannot test but when I do a packet trace I see:

Dynamic translate <real random IP>/4444 to <real IP>/27953

What concerns me in the translation is the port numbers.....am I looking at the wrong thing? or am I just doing this completely wrong?

TIA,

R

cadet alain · ‎10-26-2011

Hi,

look at this:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_objects.html#wp1106703

Regards.

Alain.

Don't forget to rate helpful posts.

varrao · ‎10-26-2011

Hi R,

What i undesrtand is that you are trying to publish your OWA server to the outside world on port 443. The nat that you have is not actually corrcect, let me explain :

Lets say the public ip of OWA server is 1.1.1.1

and private ip is 10.1.1.1

then;

object network OWA_public

host 1.1.1.1

object network OWA_real

host 10.1.1.1

object service tcp_https

service tcp destination eq 443

nat (outside,inside) source static any any destination static OWA_public OWA_real service tcp_https tcp_https

Let me know if you have any questions regarding the above

Thanks,

Varun

Thanks,
Varun Rao

rhltechie · ‎10-26-2011

I see now I should be using a static nat but the usage is still a little confusing to me.

when I enter the above and then do a packet trace on it I see the following:

static translate /4576 to /4576

which doesnt seem to make sense as to what i am after. am i looking at the packet tracer wrong?

thanks for your help.