02-22-2019 11:26 AM - edited 02-21-2020 08:51 AM
Hi, curious if it is possible to double NAT this home network setup.
Setup is FIOS ActionTec router with public IP natting to the 192.168.1.0/24 network.
The ASA outside interface receives IP(192.168.1.2) via DHCP from the actiontec.
I have no problem port forwarding from actiontec to the ASA's outside interface for ssh/asdm connectivity.
However I cannot port forward from the ASA outside to the ASA inside interface to websrv.
Is this possible? If so any help would be greatly appreciated.
Solved! Go to Solution.
02-22-2019 12:36 PM
02-22-2019 12:17 PM
02-22-2019 12:26 PM
My websrv(laptop) can access the internet ping google.com download updates etc..
and my second zone that is used for wireless access to the internet works both in and out.
Im trying to port forward 80 and 443 from outside to (inside)SERVER1
There's no auto-nat configured. - SERVER1 is connected to the inside interface
securebox# show nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static any interface service HTTP HTTP
translate_hits = 27, untranslate_hits = 117
2 (inside) to (outside) source static SERVER1 interface service HTTPS HTTPS
translate_hits = 1, untranslate_hits = 235
3 (pc) to (outside) source dynamic obj_172.17.0.0 interface
translate_hits = 417, untranslate_hits = 0
4 (pc) to (outside) source dynamic obj_10.10.0.0 interface
translate_hits = 5567, untranslate_hits = 2
5 (inside) to (outside) source static SERVER1 interface
translate_hits = 115, untranslate_hits = 0
6 (outside) to (inside) source static WAN SERVER1 service HTTP HTTP
translate_hits = 0, untranslate_hits = 0
02-22-2019 12:36 PM
02-22-2019 01:52 PM
Superb - That fixed it, it was the nat statement
securebox(config)# show nat
Manual NAT Policies (Section 1)
1 (inside) to (outside) source static SERVER1 interface service HTTP HTTP
translate_hits = 1, untranslate_hits = 1
2 (inside) to (outside) source static SERVER1 interface service HTTPS HTTPS
translate_hits = 1, untranslate_hits = 235
3 (pc) to (outside) source dynamic obj_172.17.0.0 interface
translate_hits = 422, untranslate_hits = 0
4 (pc) to (outside) source dynamic obj_10.10.0.0 interface
translate_hits = 5573, untranslate_hits = 2
securebox(config)# show run object in-line
object network obj_172.17.0.0 subnet 172.17.0.0 255.255.255.0
object service HTTP service tcp source eq www
object network SERVER1 host 172.17.1.1
object service HTTPS service tcp source eq https
object network obj_10.10.0.0 subnet 10.10.0.0 255.255.255.0
object service SSH service tcp source eq ssh
object service SSH2222 service tcp source eq 2222
,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide