Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
880
Views
5
Helpful
1
Replies

NAT address inbound and outbound

ohareka70
Level 3
Level 3

‎10-24-2018 11:16 AM - edited ‎02-21-2020 08:23 AM

Hello,

 

I have a new server on my dmz which needs external access to a public IP address outbound over tcp/2001

I also need external users to be able to hit this server externally inbound over https

 

I have setup an external dns called server.mydomain.com using an external static NAT and this worked ok

i used the same NAT to get outbound access to the public ip and have firewall rules in and routing for this but it wont connect.  Do i need to use a different NAT address and should the NAT address be hide/static nat

 

1 person had this problem
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎10-24-2018 11:22 AM

Hi,
You'll need to configure a static nat for the server in the dmz and then the appropriate access-list. I am assuming you are using ASA 9.x
E.g.

object network DMZ-SRV
host 192.168.10.5
nat (inside,outside) static 1.1.1.10

access-list OUTSIDE_IN permit tcp any host 192.168.10.5 eq 443
access-list IN_OUTSIDE permit tcp host 192.168.10.5 any eq 2001

HTH
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card