
ASA NAT Configuration

broadleon
Level 1

I'm a bit confused.

 

I have a DMZ server that needs access from a company for remote access, but they need to access many ports, i.e. SSH, HTTPS, SSDP and FTP.

 

Object NAT works for one port and one object, but I don't want to have to create many objects for the same DMZ server IP address.

I have tried Twice NAT with the same configuration as the object, but Twice NAT doesn't work:

 

nat (inside,Outside) source static DMZServer interface service https https
!
object network DMZServer
nat (inside,Outside) static interface service tcp https https

 

The firewall blocks the connection for the Twice NAT. How can I get a working NAT so I can list the many ports required and use the same object?

 

2 Replies

Dennis Mink
VIP Alumni

Object NAT dmz to outside (bidirectional) any (don't use ports) and let the outside interface ACL permit the ports.

 

Remember to do a no nat from inside to dmz so you can actually still access the server for management.

Please remember to rate useful posts, by clicking on the stars below.
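The approach in the reply above, sketched as an added example (not configuration posted by either participant): one object NAT rule without ports, with the outside ACL deciding which ports are reachable. The interface name dmz, the addresses 192.0.2.10 and 198.51.100.20 (documentation ranges), and the names VENDOR_TCP and OUTSIDE_IN are assumptions; Outside is the interface name used in the original post.

```cisco
! Assumed real address of the DMZ server (placeholder)
object network DMZServer
 host 192.0.2.10
 ! One static rule, no service keyword: the NAT applies to every port
 nat (dmz,Outside) static interface
!
! TCP ports the remote company needs, kept in one group
object-group service VENDOR_TCP tcp
 port-object eq ssh
 port-object eq https
 port-object eq ftp
!
! ACL entries reference the real (untranslated) server address.
! 198.51.100.20 stands in for the remote company's source address.
access-list OUTSIDE_IN extended permit tcp host 198.51.100.20 object DMZServer object-group VENDOR_TCP
! SSDP uses UDP port 1900
access-list OUTSIDE_IN extended permit udp host 198.51.100.20 object DMZServer eq 1900
access-group OUTSIDE_IN in interface Outside
```

Because the static rule carries no ports, traffic addressed to the Outside interface IP is translated to the server on every port, so the ACL is the only control limiting exposure; keep its entries scoped to the remote company's source address and the listed ports.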

I found that removing the service ports makes the NAT statement work as you suggested, but why doesn't it work when you add the service ports?

 

Any way to add the service ports in the NAT? I've done this before but can't seem to work it out now, wondering if migrating to 9 to 9.2(4) has made any changes to the way NAT works?
