07-21-2017 01:20 AM - edited 03-12-2019 02:43 AM
Hello,
I have a Cisco ASA on my network edge. I have INSIDE, DMZ and OUTSIDE.
There is a PAT rule for inside LAN users:
nat (inside,outside) source dynamic Users_LAN interface
Now I have installed a Web server in DMZ and I have a second public address I want to dedicate to the web server.
How can I configure a one-to-one NAT between the private and the public address of the server?
Note: I do not have access to ASDM and I am using CLI.
07-21-2017 01:28 AM
Hi,
You can use the following NAT:
ASA (config) #object network obj-real-IP
host 10.x
nat (inside,outside) static <public IP>
You would require an Access list on the outside interface to allow traffic
Regards,
Aditya
Please rate helpful and mark correct answers
07-21-2017 02:29 AM
Thank you Aditya,
But it does not work.
My Web server still have no access to outside internet
07-21-2017 02:32 AM
Hi,
Please share the output of packet tracer from the ASA.
Regards,
Aditya
Please rate helpful and mark correct answers
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide