
Welcome to Cisco Firewalls Community


Beginner

help with 8.4 natting

Hi All,

I worked on ASAs previously, many versions ago. This new 8.4 IOS is kind of throwing me for a loop. Also I have been out of firewalling for some time and trying to get back into the swing of things. So anyway, basically I am just trying to publish OWA on a specific IP address. This is what I have right now as my NAT:

nat (outside,inside) source dynamic any <real IP> destination static OWA_Server OWA_Server service https https

This is a new box with no real world network behind it, so I cannot test but when I do a packet trace I see:

Dynamic translate <real random IP>/4444 to <real IP>/27953

What concerns me in the translation is the port numbers... Am I looking at the wrong thing? Or am I just doing this completely wrong?

TIA,

R

Advisor

Hi,

look at this:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_objects.html#wp1106703

Regards.

Alain.

Don't forget to rate helpful posts.
Engager

Hi R,

What I understand is that you are trying to publish your OWA server to the outside world on port 443. The NAT that you have is not actually correct, let me explain:

Let's say the public IP of OWA server is 1.1.1.1

and private IP is 10.1.1.1

then:

object network OWA_public
 host 1.1.1.1
object network OWA_real
 host 10.1.1.1
object service tcp_https
 service tcp destination eq 443

nat (outside,inside) source static any any destination static OWA_public OWA_real service tcp_https tcp_https

Let me know if you have any questions regarding the above

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
Beginner

I see now I should be using a static nat but the usage is still a little confusing to me.

When I enter the above and then do a packet trace on it I see the following:

static translate /4576 to /4576

Which doesn't seem to make sense as to what I am after. Am I looking at the packet tracer wrong?

Thanks for your help.
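
For reference, the static twice-NAT from Varun's reply written out as a complete publication, with the access rule and a packet-tracer test. This is an added example, not configuration posted in the thread. The ACL name OUTSIDE_IN and the test client 203.0.113.10 are assumptions; 1.1.1.1 and 10.1.1.1 are the reply's placeholder addresses.

```cisco
! Added example (not from the thread). 1.1.1.1 / 10.1.1.1 are the reply's
! placeholders; OUTSIDE_IN and 203.0.113.10 are assumed names/values.
object network OWA_public
 host 1.1.1.1
object network OWA_real
 host 10.1.1.1
object service tcp_https
 service tcp destination eq 443
!
! Twice NAT, read left to right for a packet arriving on "outside":
!   source static any any        -> identity: client address and source port
!                                   are left unchanged
!   destination static OWA_public OWA_real
!                                -> destination 1.1.1.1 is rewritten to 10.1.1.1
!   service tcp_https tcp_https  -> only TCP/443, port unchanged
! The first post's "source dynamic any <real IP>" instead PATs every client
! behind one address (hence the rewritten source port), so the OWA server's
! logs would no longer show the real client IPs.
nat (outside,inside) source static any any destination static OWA_public OWA_real service tcp_https tcp_https
!
! From 8.3 onward interface ACLs are written against the real address,
! so the permit names OWA_real (10.1.1.1), not the public address.
access-list OUTSIDE_IN extended permit tcp any object OWA_real eq https
access-group OUTSIDE_IN in interface outside
!
! Simulate an outside client hitting the public address on 443.
! The destination rewrite (1.1.1.1 -> 10.1.1.1) is reported in the UN-NAT
! phase; the "Static translate" line in the NAT phase is the source side,
! which is an identity here, so the same address/port on both sides of that
! line is expected.
packet-tracer input outside tcp 203.0.113.10 4576 1.1.1.1 443 detailed
```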