11-09-2020 03:45 AM
We have a Cisco ASA. I have NAT for an outside public IP (let's say) 1.1.1.5 to a private IP (let's say) 192.168.1.5.
The rule: nat (outside,inside) 5 source static any any destination static 1.1.1.5 192.168.1.5
And I have an access list: access-list outside_access_in line 3 extended permit ip any object 1.1.1.5
Everything is reachable from inside; even the server is going to the internet with the NAT IP 1.1.1.5,
but I can't reach the server from outside.
11-09-2020 03:53 AM
Hi @adel85
Try this:-
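! Remove the existing NAT rule and the ACL entry that matches the public IP
no nat (outside,inside) 5 source static any any destination static 1.1.1.5 192.168.1.5
no access-list outside_access_in line 3 extended permit ip any object 1.1.1.5
! Object NAT: translate the server's private IP to the public IP
object network SERVER
 host 192.168.1.5
 nat (inside,outside) static 1.1.1.5
!
! The inbound ACL references the private IP of the server
access-list outside_access_in extended permit ip any host 192.168.1.5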
It's not wise to permit all traffic inbound from the internet; you may wish to lock down the ACL to permit only the required ports.
HTH
11-09-2020 03:56 AM
You are right, but for now I am trying to connect to it from outside to reach it; then I will permit specific ports.
11-09-2020 04:02 AM
Thx, problem solved.
I had to access-list the private IP, not the public IP.
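
Added example, not part of the thread and not Cisco tooling: a small Python check that reads object NAT statements of the form used in the accepted answer and flags inbound ACL entries that name the mapped (public) address instead of the real (private) one, or that permit all IP to a published server. The sample configuration is constructed, and the parser only understands the simple `host` / `nat ... static` / `permit <proto> any host <ip>` line shapes shown in this thread.

```python
import re

# Constructed sample config (not from a real device): the object NAT from the
# accepted answer plus three inbound ACL entries to compare.
SAMPLE = """\
object network SERVER
 host 192.168.1.5
 nat (inside,outside) static 1.1.1.5
access-list outside_access_in extended permit ip any host 1.1.1.5
access-list outside_access_in extended permit tcp any host 192.168.1.5 eq 443
access-list outside_access_in extended permit ip any host 192.168.1.5
"""

def parse_object_nat(config):
    """Return {mapped_ip: real_ip} for host objects that carry a static NAT."""
    mapping, real = {}, None
    for line in config.splitlines():
        s = line.strip()
        if s.startswith("object network "):
            real = None  # new object: forget the previous host
        elif m := re.fullmatch(r"host (\S+)", s):
            real = m.group(1)
        elif (m := re.fullmatch(r"nat \(\S+,\S+\) static (\S+)", s)) and real:
            mapping[m.group(1)] = real
    return mapping

ACE = re.compile(r"access-list (\S+) extended permit (\S+) any host (\S+)(.*)")

def audit_acl(config):
    """Return (acl_name, dest_ip, finding) for each questionable permit entry."""
    nat = parse_object_nat(config)
    real_ips = set(nat.values())
    findings = []
    for line in config.splitlines():
        m = ACE.fullmatch(line.strip())
        if not m:
            continue
        acl, proto, dest, _rest = m.groups()
        if dest in nat:
            # Entry matches the translated address, so it never hits the server.
            findings.append((acl, dest, f"mapped address; use real IP {nat[dest]}"))
        elif dest in real_ips and proto == "ip":
            # Entry works but exposes every port of the published server.
            findings.append((acl, dest, "permits all IP traffic; restrict to required ports"))
    return findings

if __name__ == "__main__":
    for finding in audit_acl(SAMPLE):
        print(finding)
```

The `tcp ... eq 443` entry in the sample is only an illustration of a port-restricted rule; the thread does not say which ports the server needs.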