10-26-2011 08:42 AM - edited 03-11-2019 02:42 PM
Hi All,
I worked on ASAs previously, many versions ago. This new 8.4 IOS is kind of throwing me for a loop. Also, I have been out of firewalling for some time and am trying to get back into the swing of things. So anyway, basically I am just trying to publish OWA on a specific IP address. This is what I have right now as my NAT:
nat (outside,inside) source dynamic any <real IP> destination static OWA_Server OWA_Server service https https
This is a new box with no real world network behind it, so I cannot test but when I do a packet trace I see:
Dynamic translate <real random IP>/4444 to <real IP>/27953
What concerns me in the translation is the port numbers... Am I looking at the wrong thing? Or am I just doing this completely wrong?
TIA,
R
10-26-2011 10:47 AM
Hi,
look at this:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_objects.html#wp1106703
Regards.
Alain.
10-26-2011 12:19 PM
Hi R,
What I understand is that you are trying to publish your OWA server to the outside world on port 443. The NAT that you have is not actually correct, let me explain:
Let's say the public IP of the OWA server is 1.1.1.1
and the private IP is 10.1.1.1
then:
object network OWA_public
 host 1.1.1.1
object network OWA_real
 host 10.1.1.1
object service tcp_https
 service tcp destination eq 443
nat (outside,inside) source static any any destination static OWA_public OWA_real service tcp_https tcp_https
Let me know if you have any questions regarding the above.
Thanks,
Varun
10-26-2011 12:56 PM
I see now I should be using a static NAT, but the usage is still a little confusing to me.
When I enter the above and then do a packet trace on it, I see the following:
static translate
Which doesn't seem to make sense as to what I am after. Am I looking at the packet tracer wrong?
Thanks for your help.
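An added example, not part of any post in this thread: the same publication written as network object NAT (the form the linked nat_objects guide covers), with the inbound ACL and a packet-tracer check. 1.1.1.1 and 10.1.1.1 are the thread's placeholder addresses; the ACL name OUTSIDE_IN and the test client 203.0.113.10 are assumptions.

```text
! Real (inside) address of the OWA server; the translation lives on the object.
! Static PAT: outside 1.1.1.1:443 <-> inside 10.1.1.1:443
object network OWA_real
 host 10.1.1.1
 nat (inside,outside) static 1.1.1.1 service tcp https https
!
! From 8.3 on, interface ACLs match the real (inside) address, not the public one.
! OUTSIDE_IN is a hypothetical ACL name.
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.1 eq https
access-group OUTSIDE_IN in interface outside
!
! Simulate an inbound client: the source port is arbitrary (4444 here),
! the destination is the public address on 443.
packet-tracer input outside tcp 203.0.113.10 4444 1.1.1.1 443 detailed
```

In the trace, look for the UN-NAT phase untranslating 1.1.1.1/443 to 10.1.1.1/443 and a final result of allow; the client's source port is not what gets published, so its value in the trace does not matter.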