cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


2101
Views
0
Helpful
1
Replies
Highlighted
Beginner

Inbound NAT on ASA 8.4

I am trying to setup an inbound NAT on an ASA5510 running 8.4 code.

Can someone verify my steps?

object network obj-192.168.1.2

host 192.168.1.2  (internal web server)

object network NAT-external IP

host ** external IP **

object network NAT-external IP

nat (outside,inside) static 192.168.1.2 service tcp https https

access-list outside_access_in extended permit tcp any host 10.2.0.10 eq https

This seems to be setup now?

sh nat

2 (outside) to (inside) source static NAT-*.*.*.*  192.168.1.2   service tcp https https

    translate_hits = 0, untranslate_hits = 0

sh access-l

access-list outside_access_in line 2 extended permit tcp any host 192.168.1.2 eq https (hitcnt=27) 0x59383a04

When I try to connect to the external IP using https I get hits on the access list, however the nat translate hits do not go up?

Do I need to allow the 192.168.1.2 server back out again?

Any help appreciated

Thanks

Roger

Everyone's tags (5)
1 REPLY 1

Inbound NAT on ASA 8.4

     Hello Roger,

The only problem is this:

object network NAT-external IP

nat (outside,inside) static 192.168.1.2 service tcp https http

Please remove that nat and do the following

object service tcp-443

service tcp source eq 443

exit

nat (inside,outside) source static obj-192.168.1.2   NAT-external IP service tcp-443 service tcp-443

Regards,

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC