06-12-2015 05:47 AM - edited 03-11-2019 11:06 PM
I have an easy question for someone. I am used to the pre-8.3 IOS version of NAT'ing and am having some trouble with NAT on a newer version.
What I am wanting to do is port inbound http/https traffic from the outside in and send it to port 5081 on the inside address of 10.10.10.104. Can someone give me a hand on getting the ACL and nat statement for this?
What I have tried is this and it does not work:
access-list Outside_in extended permit tcp any any eq http
access-list Outside_in extended permit tcp any any eq https
nat (inside,outside) static outside 5081 10.10.10.104 5081 eq http
nat (inside,outside) static outside 5081 10.10.10.104 5081 eq http
Any help would be appreciated.
-Jon
06-13-2015 10:00 AM
Hi Jon,
When you say version pre-8.3, I am expecting you are mentioning version 8.2 (just to say). In that case, this nat would not work as the syntax is incorrect.
As per the description, here is my understanding :
Real Address : 10.10.10.104, Real Port 5081
Mapped Address : Outside interface IP address, mapped port 443 or 80
Suggested configuration:
static (inside,outside) tcp <outside-int-ip> <mapped-port> 10.10.10.104 5081
- In case of https, you might get an error that 443 cannot be reserved. This comes when you have enabled 'http server enable', which by default uses '443' for ASDM traffic. Configure something like 'http server enable 4443'. Then you need to access ASDM on port 4443 instead of 443, and this time the ASA would take the nat statement.
- You cannot redirect 80 and 443 traffic to the same IP and port of the inside server through the same mapped address.
Access-list looks fine:
access-list Outside_in extended permit tcp any any eq https
Do not forget to attach it to the interface:
access-group Outside_in in interface outside
See the link below to understand and configure the same:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_staticpat.html#wp1071777
Let me know if you have any query on this.
Thanks and Regards,
Akshay Rastogi
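The same static PAT in the 8.3-and-later object NAT form, as an added example that is not part of either post above. It assumes an ASA running 8.3 or later and HTTPS (443) as the mapped port; the object name SRV-WEB-5081 is hypothetical.

```cisco
! Added example, ASA 8.3 or later assumed. The object name is hypothetical.
! If 'http server enable' is configured, move ASDM off 443 first (as noted in the answer above).
http server enable 4443
!
object network SRV-WEB-5081
 host 10.10.10.104
 ! Static PAT: real port 5081 on the inside host, mapped port 443 on the outside interface IP
 nat (inside,outside) static interface service tcp 5081 443
!
! From 8.3 on, interface ACLs match the real (untranslated) address and port,
! so the rule names the inside host and port 5081 rather than 'any any eq https'.
access-list Outside_in extended permit tcp any host 10.10.10.104 eq 5081
access-group Outside_in in interface outside
```

After applying, `show nat detail` lists the translation and its hit counters, and `packet-tracer input outside tcp <test-source-ip> 12345 <outside-int-ip> 443` shows whether the un-NAT and ACL phases allow the flow.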