DNAT

jonk34567 · ‎02-04-2020

I need to configure DNAT in cisco asa. my servers in DMZ should be accessed from internet. Can anyone explain me the steps along with commands or asdm screenshots.

Sergey Lisitsin · ‎02-04-2020

jonk34567,

It would help if you could post your interface and object configuration first. Then we can guide you through the necessary steps to enable NAT.

Muhammad Awais Khan · ‎02-04-2020

Hi,

Configuration will depends on whether you have extra public ip address available for every server or you will configure port forwarding on the outside interface of firewall. Let me put example for scenario if you have public IP available

1) if you have dedicated public IP available

object network webserver-external-ip
 host 198.51.100.101
!
object network webserver
 host 192.168.1.100
 nat (dmz,outside) static webserver-external-ip service tcp www www

Further, you need told traffic to above webserver on the outside interface using ACL:

access-list outside_acl extended permit tcp any object webserver eq www
!
access-group outside_acl in interface outside

Reference for config examples:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html