AS500

mostafa EL-bashar · ‎06-04-2014

if i have As500 connected to modem at wan port and my network in lan port . i have 8 real static ip . i want to nat my lan network to real ip . there are server in my lan

1- i want server to take real static ip so i can access it from wan (internet) or

2- i want server to take private ip as my network and make port forwarding in as500

my question : what configuration i should do for the two solution above

Colin Higgins · ‎06-04-2014

Sounds like you want to set up a static NAT for your internal server and allow access on particular ports to it from the outside.

For ASA IOS versions 8.3 and above, you would set up a network object like this:

object network obj-192.168.20.10

host 192.168.20.10

nat (inside,outside) static <public ip address>

where the public ip is one of the addresses is in your static block.

Then set up an access list on the outside interface that points to the internal address (this is called "real IP on version 8.3+")

access-list outside-in extended permit tcp any host 192.168.20.10 eq 80

access-group outside-in in interface outside

see https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

for more details

Marius Gunnerud · ‎06-06-2014

Colin is correct that you need a static NAT but I think the configuration is wrong for your appliance.

I am assuming you mean the SA500 security appliance?

If so then I think the setting is done under Networking > Optional Port > Protocol Binding

However, I think it would be better to move this post to the Small Business forum, they will have a better idea of how this is done on your device.

https://supportforums.cisco.com/community/5901/small-business-security

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts