03-20-2015 11:12 AM - edited 03-11-2019 10:40 PM
I have an ASA with 9.2.3. I need to forward from the outside interface to a client on the inside. I have a list of about 40 ports that need forwarding. I would really just like to forward anything from outside address to inside client, and filter traffic using an ACL. I am having issues getting this correct.
Should I just do a standard static NAT?
Outside Inside
172.16.23.x ----> 10.0.0.2
Inside Outside
10.0.0.2 --------> 172.16.23.x
03-20-2015 12:00 PM
Is it the outside interface IP address or a spare IP address?
Jon
03-20-2015 12:03 PM
Outside. So, I need all traffic hitting the outside interface address forwarded to a host on inside.
03-20-2015 12:27 PM
Do you really want to do that, i.e. any port is sent to a single host?
I'm not sure how this would work with any outbound access you may have at the moment.
Jon
03-20-2015 12:47 PM
Jon,
Yes, as far as I know this is for 1 machine that needs a real world IP address, but to be behind a firewall. So basically it is an ASA5505 with one machine behind it. It is not on our normal network.
So essentially we are just providing 1 machine a real world IP, but putting it behind a FW so you can ACL just certain ports.
03-20-2015 01:15 PM
Okay then but obviously no guarantees -
object network <NAME>
 host 10.0.0.2
 nat (inside,outside) static 172.16.23.x
Jon
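
Added example, not part of any post in this thread: the static NAT from the last reply combined with the ACL filtering the original question asks for. The object, object-group and ACL names, the listed ports and the packet-tracer source address are constructed for illustration; 172.16.23.x is the thread's own placeholder. On ASA 8.3 and later, an interface ACL matches the real (inside) address of the host, not the mapped address.

```text
! Added example. Names and ports are assumptions, not from the thread.
! One-to-one static NAT: every port on the mapped address reaches 10.0.0.2.
object network INSIDE-HOST
 host 10.0.0.2
 nat (inside,outside) static 172.16.23.x
!
! Sample ports only; list the ports that actually need to be reachable.
object-group service INSIDE-HOST-TCP tcp
 port-object eq 22
 port-object eq 443
 port-object range 5000 5010
!
! Destination is the real address (object INSIDE-HOST = 10.0.0.2),
! because the ASA untranslates before it checks the interface ACL.
access-list OUTSIDE-IN extended permit tcp any object INSIDE-HOST object-group INSIDE-HOST-TCP
! Explicit deny with logging so that blocked attempts are visible in syslog.
access-list OUTSIDE-IN extended deny ip any any log
access-group OUTSIDE-IN in interface outside
!
! Verification from the ASA CLI (198.51.100.10 is a documentation address):
!   show nat detail
!   show access-list OUTSIDE-IN
!   packet-tracer input outside tcp 198.51.100.10 12345 172.16.23.x 443
!   packet-tracer input outside tcp 198.51.100.10 12345 172.16.23.x 3389
! The first trace should end in "allow", the second in "drop" at the ACL phase.
```

With this layout the NAT rule never changes when the port list does; only the object-group is edited.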