02-04-2020 09:32 AM
I need to configure DNAT in cisco asa. my servers in DMZ should be accessed from internet. Can anyone explain me the steps along with commands or asdm screenshots.
02-04-2020 09:51 AM
jonk34567,
It would help if you could post your interface and object configuration first. Then we can guide you through the necessary steps to enable NAT.
02-04-2020 09:53 AM
Hi,
Configuration will depends on whether you have extra public ip address available for every server or you will configure port forwarding on the outside interface of firewall. Let me put example for scenario if you have public IP available
1) if you have dedicated public IP available
object network webserver-external-ip
host 198.51.100.101
!
object network webserver
host 192.168.1.100
nat (dmz,outside) static webserver-external-ip service tcp www www
Further, you need told traffic to above webserver on the outside interface using ACL:
access-list outside_acl extended permit tcp any object webserver eq www
!
access-group outside_acl in interface outside
Reference for config examples:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: