Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
334
Views
5
Helpful
1
Replies

ASA 5505 (8.4) - Multiple Static Port Translation Rules to the Same Server

Go to solution
amercer00
Level 5
Level 5

‎10-21-2015 05:32 AM - edited ‎03-11-2019 11:46 PM

I have an office with one outside IP address and two internal servers.

I currently have an object nat for SERVER1 (HTTPS) to OUTSIDE (8443) and

object nat for SERVER2 (HTTP) to OUTSIDE (8080)

I want to add SERVER2 (HTTPS) to OUTSIDE (8444) because SERVER2 needs web and secure web for a while.

My question is, should I:

1) Create another object for SERVER2 and create another object nat, for my new port or

2) Create a regular static nat rule, or

3) Change then existing rules to static nat rules and also create the new one as a static nat rule?

Do most people use object nat for everything or static nat for everything, or object for the first and then static for the rest?  I'm just looking to follow a standard that most people use.

 

Thanks,

Allen

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-21-2015 05:38 AM

Allen

I'm not sure there is a standard as such, it's really up to you.

That said there is a very good document on this site by an experienced ASA engineer which gives recommendations as to where to place certain rules and I tend to use that as a guide.

But like I say it is whatever works best for you.

Here is the link -

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

Jon

View solution in original post

1 Reply 1

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-21-2015 05:38 AM

Allen

I'm not sure there is a standard as such, it's really up to you.

That said there is a very good document on this site by an experienced ASA engineer which gives recommendations as to where to place certain rules and I tend to use that as a guide.

But like I say it is whatever works best for you.

Here is the link -

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card