cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

109
Views
5
Helpful
1
Replies
Highlighted
Contributor

ASA 5505 (8.4) - Multiple Static Port Translation Rules to the Same Server

I have an office with one outside IP address and two internal servers.

I currently have an object nat for SERVER1 (HTTPS) to OUTSIDE (8443) and

object nat for SERVER2 (HTTP) to OUTSIDE (8080)

I want to add SERVER2 (HTTPS) to OUTSIDE (8444) because SERVER2 needs web and secure web for a while.

My question is, should I:

1) Create another object for SERVER2 and create another object nat, for my new port or

2) Create a regular static nat rule, or

3) Change then existing rules to static nat rules and also create the new one as a static nat rule?

Do most people use object nat for everything or static nat for everything, or object for the first and then static for the rest?  I'm just looking to follow a standard that most people use.

 

Thanks,

Allen

 

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

AllenI'm not sure there is a

Allen

I'm not sure there is a standard as such, it's really up to you.

That said there is a very good document on this site by an experienced ASA engineer which gives recommendations as to where to place certain rules and I tend to use that as a guide.

But like I say it is whatever works best for you.

Here is the link -

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

Jon

View solution in original post

1 REPLY 1
Highlighted
Hall of Fame Guru

AllenI'm not sure there is a

Allen

I'm not sure there is a standard as such, it's really up to you.

That said there is a very good document on this site by an experienced ASA engineer which gives recommendations as to where to place certain rules and I tend to use that as a guide.

But like I say it is whatever works best for you.

Here is the link -

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

Jon

View solution in original post