12-13-2014 08:25 AM - edited 03-11-2019 10:13 PM
Hi Everyone,
I have only a single public IP on the ASA outside interface.
The server is connected to the inside network of the ASA. I want the server to be reachable from the internet on port 443.
I tried the static NAT config on the ASA:
nat (inside,outside) ?
configure mode commands/options:
<1-2147483647> Position of NAT rule within before auto section
after-auto Insert NAT rule after auto section
source Source NAT parameters
There is no static command?
How can I configure the below config
nat (inside,outside) static interface service tcp http http in ASA 9.1 version?
Regards
Mahesh
12-14-2014 04:06 PM
For testing, you can try to put all your manual NAT after object NAT (using the after-auto command), so that you can confirm that no other NAT is getting hit for the server traffic.
Also make sure that your ACL for this traffic has the un-NATed (private) IP address of the server.
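The test suggested in this reply, written out as an added example (not configuration posted by anyone in the thread). The addresses 10.0.0.50 (server), 198.51.100.2 (ASA outside interface) and 203.0.113.10 (Internet test client) are constructed placeholders; the rule text is copied from the NAT config quoted later in the thread.

```cisco
! Constructed placeholder addresses: 10.0.0.50 = server real IP,
! 198.51.100.2 = ASA outside interface, 203.0.113.10 = Internet test client.
!
! Object NAT (section 2): static PAT of the outside interface, TCP/23 to the server.
object network server
 host 10.0.0.50
 nat (inside,outside) static interface service tcp telnet telnet
!
! Manual NAT entered without a keyword lands in section 1 and is evaluated
! before object NAT. Re-enter the interface PAT rules with after-auto so they
! sit in section 3, below the server's object NAT.
no nat (inside,outside) source dynamic inside interface description Allow R1 to ping to Internet Sites
nat (inside,outside) after-auto source dynamic inside interface description Allow R1 to ping to Internet Sites
no nat (sales,outside) source dynamic Sales interface description Allow 2950 to Pint to Internet Sites
nat (sales,outside) after-auto source dynamic Sales interface description Allow 2950 to Pint to Internet Sites
! Repeat the same no / after-auto pair for any other manual rule under test.
!
! The outside ACL is checked after un-NAT, so it must match the server's real
! (private) address, here through the object, not the public interface IP.
access-list outside_access_in extended permit tcp any object server eq telnet
access-group outside_access_in in interface outside
!
! Verification (exec mode):
! 1. Rule order and per-rule hit counts, listed by section.
show nat detail
! 2. Simulate the inbound connection; the UN-NAT phase should name the
!    object NAT rule and the result should be ALLOW.
packet-tracer input outside tcp 203.0.113.10 49966 198.51.100.2 23
! 3. The ACL hit counter should increase once real traffic arrives.
show access-list outside_access_in
```

Telnet is used here only because the thread tests with it; for the HTTPS case in the original question the same layout applies with `https` in place of `telnet` in both the object NAT line and the ACL.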
12-15-2014 05:03 PM
I put this object NAT statement at the top of all the NATs.
Now I can telnet to the server.
Many thanks for helping all the way.
Best Regards
Mahesh
12-13-2014 03:17 PM
For testing purposes I am only allowing a telnet connection to the server, as SSH
and HTTPS are used by the ASA itself.
When I try telnet from the outside world to the server IP,
I see logs in the ASA:
%ASA-3-710003: TCP access denied by ACL from 70.75.x.x/49966 to outside:96.51.x.x/23
I have an ACL that shows no hit counters:
access-list outside_access_in extended permit tcp any object server eq telnet
pri/act/ASA1# sh run access-group
access-group outside_access_in in interface outside
Current NAT config
sh run nat
nat (outside,any) source static vpn_pool_ip vpn_pool_ip destination static inside inside description Allow Ping and SSH to 10.0.0.1 using Anyconnect with Full Tunnel
nat (inside,outside) source static inside inside destination static vpn_pool_ip vpn_pool_ip
nat (inside,outside) source static inside inside destination static inside inside
nat (outside,outside) source dynamic vpn_pool_ip interface description Allow Access to Internet using Anyconnect VPN
nat (sales,outside) source static Sales Sales destination static Sales Sales
nat (inside,outside) source dynamic inside interface description Allow R1 to ping to Internet Sites
nat (sales,outside) source dynamic Sales interface description Allow 2950 to Pint to Internet Sites
nat (sales,outside) source static Sales Sales destination static vpn_pool_ip vpn_pool_ip description Allow Ping to 2950 Switch while connected Via Anyconnect Full tunnel
!
object network server
nat (inside,outside) static interface service tcp telnet telnet
Regards
Mahesh