09-19-2018 01:32 PM - edited 02-21-2020 08:15 AM
Really simple question for a newb:
I have a single web server that I want to share on a static IP. I'll handle the ports via ACL instead of at the NAT level.
Inside Address: webhost-in 192.168.28.11
Desired Outside Address: webhost-out 1.2.3.4 (obviously hypothetical)
What I think the command should be is:
nat (outside,inside) source static webhost-in webhost-out no-proxy-arp
I've been out of the firewall management game since around 8.2, and I'm not sure if the commands are similar to what they used to be.
09-19-2018 01:42 PM
09-19-2018 02:11 PM
Hi,
NAT has changed between 8.2 and 9.x, here is an example for 9.x:- (you may need to change the inside, outside nameif if different in your environment).
object network WEBHOST
host 192.168.28.11
nat (inside,outside) static 1.2.3.4
access-list OUTSIDE->IN permit tcp any object WEBHOST eq 443
HTH
09-19-2018 02:38 PM
Should proxy arp be enabled or disabled for this? There's another concept that just soars right over my head.
09-20-2018 03:11 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide