NAT statements ASA 5510

forman102
Level 1

Hi,

I'm learning about ASA configuration and have a question regarding NAT statements: there's a server which needs to be NAT'ed and have traffic allowed from a certain outside IP (99.99.99.99) on the HTTPS port. The server's private IP is 10.10.10.10/24 and its public IP is 66.66.66.66.

1. Should I just NAT it and allow HTTP traffic from 99.99.99.99 to it:

static (inside,outside) 66.66.66.66 10.10.10.10 netmask 255.255.255.255

access-list outside extended permit tcp host 99.99.99.99 host 66.66.66.66 eq https

2. Or perhaps I should NAT it this way:

static (inside,outside) tcp 66.66.66.66 https 10.10.10.10 https netmask 255.255.255.255

and allow traffic with the same statement as above:

access-list outside extended permit tcp host 99.99.99.99 host 66.66.66.66 eq https

Which is the proper way of accomplishing this?

thanks

forman

Accepted Solutions

Kureli Sankar
Cisco Employee

Either one will work. The first one is wider and you are dedicating a routable address to just one server, 10.10.10.10.

On the second one, if there is another server, 10.10.10.20 or .30, listening on port 80 or port 25, you can do:

static (inside,outside) tcp 66.66.66.66 80 10.10.10.20 80 netmask 255.255.255.255

static (inside,outside) tcp 66.66.66.66 25 10.10.10.30 25 netmask 255.255.255.255

and allow permission via ACL.

-KS
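
A simplified model of the difference described in the answer above, added as an example (not code from the thread or from the ASA): an inbound packet is delivered only if the outside ACL permits the public address and port and a static entry exists for it. The class and function names and the loosened ACL with its TCP/22 entry are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Static:
    """One 'static (inside,outside)' entry; ports of None mean one-to-one NAT."""
    public_ip: str
    private_ip: str
    public_port: Optional[int] = None
    private_port: Optional[int] = None

@dataclass(frozen=True)
class Permit:
    """One 'permit tcp host SRC host DST eq PORT' line on the outside ACL."""
    src: str
    dst: str
    port: int

def inbound(statics, acl, src, dst, dport):
    """Return (private_ip, port) the packet reaches, or None if it is dropped."""
    if not any((p.src, p.dst, p.port) == (src, dst, dport) for p in acl):
        return None                      # implicit deny at the end of the ACL
    for s in statics:                    # port-specific (static PAT) entries
        if s.public_ip == dst and s.public_port == dport:
            return (s.private_ip, s.private_port)
    for s in statics:                    # one-to-one entries cover every port
        if s.public_ip == dst and s.public_port is None:
            return (s.private_ip, dport)
    return None                          # permitted, but no translation exists

# Addresses from the thread.
PUB, PEER = "66.66.66.66", "99.99.99.99"
OPTION_1 = [Static(PUB, "10.10.10.10")]                 # whole address
OPTION_2 = [Static(PUB, "10.10.10.10", 443, 443)]       # HTTPS only
SHARED = OPTION_2 + [Static(PUB, "10.10.10.20", 80, 80),
                     Static(PUB, "10.10.10.30", 25, 25)]
ACL = [Permit(PEER, PUB, 443)]
# Constructed mistake: someone later also permits TCP/22 to the public address.
LOOSE_ACL = ACL + [Permit(PEER, PUB, 22)]

if __name__ == "__main__":
    for name, rules in (("option 1", OPTION_1), ("option 2", OPTION_2)):
        for port in (443, 22):
            print(name, port, inbound(rules, LOOSE_ACL, PEER, PUB, port))
```

With the one-to-one entry, the ACL is the only thing limiting which of the server's ports are reachable; with the port-specific entry, an over-broad ACL line still has no translation to ride on.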


Thank you, I learnt something interesting.

Thank you Poonguzhali for clarifying this.
