02-04-2020 09:32 AM
I need to configure DNAT in cisco asa. my servers in DMZ should be accessed from internet. Can anyone explain me the steps along with commands or asdm screenshots.
02-04-2020 09:51 AM
jonk34567,
It would help if you could post your interface and object configuration first. Then we can guide you through the necessary steps to enable NAT.
02-04-2020 09:53 AM
Hi,
Configuration will depends on whether you have extra public ip address available for every server or you will configure port forwarding on the outside interface of firewall. Let me put example for scenario if you have public IP available
1) if you have dedicated public IP available
object network webserver-external-ip
host 198.51.100.101
!
object network webserver
host 192.168.1.100
nat (dmz,outside) static webserver-external-ip service tcp www www
Further, you need told traffic to above webserver on the outside interface using ACL:
access-list outside_acl extended permit tcp any object webserver eq www
!
access-group outside_acl in interface outside
Reference for config examples:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide