Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3370
Views
0
Helpful
3
Replies

NAT one-to-one on ASA

fabflorent
Level 1
Level 1

‎07-21-2017 01:20 AM - edited ‎03-12-2019 02:43 AM

Hello,

I have a Cisco ASA on my network edge. I have INSIDE, DMZ and OUTSIDE. 

There is a PAT rule for inside LAN users:

nat (inside,outside) source dynamic Users_LAN interface

Now I have installed a Web server in DMZ and I have a second public address I want to dedicate to the web server.

How can I configure a one-to-one NAT between the private and the public address of the server?

Note: I do not have access to ASDM and I am using CLI.

Labels:
0 Helpful
3 Replies 3

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎07-21-2017 01:28 AM

Hi,

You can use the following NAT:

ASA (config) #object network obj-real-IP

host 10.x.x.x

nat (inside,outside) static <public IP>

You would require an Access list on the outside interface to allow traffic for the DMZ server.

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

fabflorent
Level 1
Level 1
In response to Aditya Ganjoo

‎07-21-2017 02:29 AM

Thank you Aditya, 

But it does not work. 

My Web server still have no access to outside internet

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to fabflorent

‎07-21-2017 02:32 AM

Hi,

Please share the output of packet tracer from the ASA.

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card