cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


413
Views
0
Helpful
5
Replies
Highlighted
Beginner

Inbound Static Nat on ASA 8.3

Hi,

Is it possible to configure a inbound static nat from multible public subnets to 1 internal mail server on an ASA 5510 with

Software Version 8.3(2)34.

Need to allow access  from the public subnets listed below to the internal mail server on port 25.

207.211.31.0/24

207.211.30.0/24

205.139.110.0/24

205.139.111.0/24

Thank You

Everyone's tags (3)
5 REPLIES 5

Re: Inbound Static Nat on ASA 8.3

Hello, Mani.

I would configure static network object NAT (unless you need to limit translation to the external servers only):

object-group network EXTERNAL_MAIL_SERVERS

network-object 207.211.30.0 255.255.254.0

network-object 205.139.110.0 255.255.254.0

object network INTERNAL_MAIL_SERVER

host 10.0.0.100

nat (inside, outside) static interface service tcp 25 25

access-list OUTSIDE_IN extended permit tcp object-group EXTERNAL_MAIL_SERVERS object INTERNAL_MAIL_SERVER eq 25

Beginner

Re: Inbound Static Nat on ASA 8.3

Thank you for the reply.

The external mail servers will need to forward to 154.11.11.30 a IP address in the firewall subnet range and then forwarded to 10.0.0.100. I will need to translate out bound mail to 154.11.11.30 and then out to the internet.

OutSide                                                     Firewall                      Mailserver inside

207.211.30.0 255.255.254.0     >         154.11.11.30       >           10.0.0.100

205.139.110.0 255.255.254.0              

Thank You

Re: Inbound Static Nat on ASA 8.3

Hello.

If the IP-address (154.11.11.30) is the one that provider assigned you, then:

  • if the IP-address is assign on public ASA interface, then use configuration from my last post;
  • if it's not assigned to ASA's interface, but within public IP-range provider has assigned you, then adjust my last configuration with

object network INTERNAL_MAIL_SERVER

host 10.0.0.100

nat (inside, outside) static 154.11.11.30 service tcp 25 25

Beginner

Re: Inbound Static Nat on ASA 8.3

Once Again Thank You. I will be trying the config below provided by you. One question, is it possible to do this config in a manual nat?

object-group network EXTERNAL_MAIL_SERVERS

network-object 207.211.30.0 255.255.254.0

network-object 205.139.110.0 255.255.254.0

object network INTERNAL_MAIL_SERVER

host 10.0.0.100

nat (inside, outside) static 154.11.11.30 service tcp 25 25

access-list OUTSIDE_IN extended permit tcp object-group EXTERNAL_MAIL_SERVERS object INTERNAL_MAIL_SERVER eq 25

Re: Inbound Static Nat on ASA 8.3

Hello.

One question, is it possible to do this config in a manual nat?

Not sure what did you mean as "manual nat".

If you are talking about ASDM, then, sorry, I've never used it to configure ASA (only to monitor).