06-19-2019 05:15 AM
If I have the below, hosts trying to reach this subnet from Outside are automatically untranslated, correct?
object network Natted_Hosts
 subnet 200.10.10.0 255.255.255.0
 nat (any,outside) dynamic interface
06-19-2019 05:47 AM
06-19-2019 08:14 AM
06-19-2019 09:15 AM
Hi,
That NAT (dynamic) is unidirectional. If you wanted hosts accessible to the Outside, you would need to set up a static NAT, which is bidirectional. You would also, as you say, need relevant ACL entries allowing traffic.
I'm assuming you don't want a whole /24 accessible to the Outside? If you only have 1 public IP available, e.g. your Outside interface, then you could set up port forwarding for various hosts on your Inside network.
06-19-2019 09:56 AM
06-19-2019 09:59 AM
06-19-2019 10:34 AM
Wasn't aware there were other NATs etc.
It might be best to post a sanitised config and what it is you're trying to achieve, and I'm sure we can provide some advice.
06-19-2019 02:00 PM
Kindly upload the config, if possible, so that we can help you.
06-23-2019 11:29 AM
06-23-2019 01:48 PM
You might have many NAT rules in place; if we suggest one, it could break another functional NAT. From the above post I see you want to allow a whole subnet to be accessible from outside. I'm curious whether you have any spare public IP addresses, as landing traffic from outside and mapping it to your interested subnet (if you have a single IP address) is not good practice.
However, you can change the IP addresses if you think they are sensitive. Remember, we are here to help and to give you good advice to make things work where you get stuck :)
As you have a dynamic rule in your NAT, you need to change this to static, as mentioned earlier by GRANT.
I won't recommend this to you unless you do not have any public IP addresses, but here is what the config would look like:
!
object network BlackBelt
 subnet 192.168.100.0 255.255.255.0
!
nat (inside,outside) 1 source static BlackBelt interface
!
! Either of the following two ACL lines (they are equivalent):
access-list outside_in extended permit tcp any 192.168.100.0 255.255.255.0 eq https
access-list outside_in extended permit tcp any object BlackBelt eq https
!
access-group outside_in in interface outside
!
You need to narrow down which transport-layer protocols need to be accessible from outside to your inside (interested) subnet.
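The port forwarding suggested earlier in the thread for a single public IP, as an added example that is not part of any poster's configuration: each inside host gets its own static PAT rule on the outside interface instead of one static NAT for the whole subnet. The host addresses, object names, the mapped port 2222 and the 203.0.113.0/24 management source are assumptions chosen for illustration.

```cisco
! Added example. Assumed hosts inside 192.168.100.0/24 (constructed values):
!   192.168.100.10 = web server, 192.168.100.20 = SSH jump host
!
! outside-interface:443 -> 192.168.100.10:443
! (syntax: service tcp <real-port> <mapped-port>)
object network WEB_SRV
 host 192.168.100.10
 nat (inside,outside) static interface service tcp https https
!
! outside-interface:2222 -> 192.168.100.20:22
object network JUMP_SRV
 host 192.168.100.20
 nat (inside,outside) static interface service tcp ssh 2222
!
! On 8.3 and later the ACL matches the real (inside) address and real port,
! not the outside interface address or the mapped port.
access-list outside_in extended permit tcp any object WEB_SRV eq https
! SSH limited to one management range (203.0.113.0/24 is a documentation prefix)
access-list outside_in extended permit tcp 203.0.113.0 255.255.255.0 object JUMP_SRV eq ssh
!
access-group outside_in in interface outside
!
! Check the result:
!   show nat detail
!   show access-list outside_in
```

Only the listed host and port pairs become reachable from outside; every other address in the /24 stays behind the existing dynamic rule for outbound traffic.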
07-03-2019 02:12 PM