cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
411
Views
0
Helpful
1
Replies

ASA: NAT from an external host to an intenel server for all traffic

rherud
Level 1
Level 1

Hi guys,

today I am faced with a NAT issue and want to ask you for your valued advice.

An external host (and only this host) should access the outside interface of the ASA (OS rel. 8.4(7)30) and this should be translated to an internal server for all kind of traffic. (I test with HTTP)

NAT externer Host auf intenen Server.JPG
This translation should only be able for the external host IP because other hosts connect to the outside interface of the ASA too for AnyConnect etc. and this should not be affected!

I entered an ACL with the real address of the internal server as the destination and I tried different NAT-commands but the access failed every time.

The relevant code:

interface Ethernet0/0
 nameif if0
 security-level 0
 ip address 217.x.y.z 255.255.255.248

interface Ethernet0/1
 nameif if1
 security-level 100
 ip address 10.1.1.1 255.254.0.0


object network BABV
  host 141.a.b.c

object network BABV-Server
  host 10.1.6.121


access-list if0_access_in extended permit ip object-group BABV object BABV-Server

nat (if1,if0) source static BABV-Server BABV

The NAT-command ist most likeky wrong but I tried a lot of other variants and all failed.
Let's asume that no other NAT-command is configured on the ASA.

Can someone tell me the correct NAT-command for this situation or what's to do to get this working?

Thanks a lot for all your hints!!!



Bye

Rico

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee
This is ISE forum, not sure of relevance? Perhaps move to appropriate forum?

View solution in original post

1 Reply 1

Jason Kunst
Cisco Employee
Cisco Employee
This is ISE forum, not sure of relevance? Perhaps move to appropriate forum?
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: