Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1637
Views
0
Helpful
2
Replies

DNAT

jonk34567
Level 4
Level 4

‎02-04-2020 09:32 AM

I need to configure DNAT in cisco asa. my servers in DMZ should be accessed from internet. Can anyone explain me the steps along with commands or asdm screenshots.

Labels:
0 Helpful
2 Replies 2

Sergey Lisitsin
VIP Alumni
VIP Alumni

‎02-04-2020 09:51 AM

jonk34567,

 

It would help if you could post your interface and object configuration first. Then we can guide you through the necessary steps to enable NAT.

0 Helpful

Muhammad Awais Khan
Cisco Employee
Cisco Employee

‎02-04-2020 09:53 AM

Hi,

 

Configuration will depends on whether you have extra public ip address available for every server or you will configure port forwarding on the outside interface of firewall. Let me put example for scenario if you have public IP available

 

1) if you have dedicated public IP available 

 

object network webserver-external-ip
 host 198.51.100.101
!
object network webserver
 host 192.168.1.100
 nat (dmz,outside) static webserver-external-ip service tcp www www

 Further, you need told traffic to above webserver on the outside interface using ACL:

 

access-list outside_acl extended permit tcp any object webserver eq www
!
access-group outside_acl in interface outside

 Reference for config examples:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card