static nat for server in ASA 8.6

mahesh18
Level 6

Hi Everyone,

We have a server with a public IP, and users from the outside internet need access to it.
On the firewall's outside interface I configured the ACL to allow access to the server on certain ports.

For traffic back from the server I need to configure the NAT.
The outside interface of the firewall has a public IP.

Here is the NAT config I need to verify:

 

object network obj-192.168.100.0
 subnet 192.168.100.0 255.255.255.0
object network obj-192.168.100.33
 host 192.168.100.33

interface GigabitEthernet0/1
 no shutdown
 nameif inside
 security-level 100
 ip address 192.168.100.25 255.255.255.0

object network obj-192.168.100.0
 nat (inside,outside) dynamic interface

object network obj-192.168.100.33
 nat (inside,outside) static 131.x.x.x

Regards
Mahesh

 

 

Akshay Rastogi
Cisco Employee

Hi Mahesh,

Your configuration is correct.

Your static NAT statement would take care of bidirectional traffic (return traffic would be handled by the xlate entry formed by this static NAT). Your dynamic NAT would help provide internet access to your 192.168.100.0 subnet.

As you are using a post-8.3 version, you need to configure the private address (192.168.100.33) as the destination in the outside ACL, as post-8.3 versions use the real IP for allowing traffic on the outside.

 

Mark the answer as correct if it answers your queries.

Regards,

Akshay Rastogi

So for traffic to the server from outside, I am using the real IP in the ACL on the outside interface.

Is this correct?

 

Regards

Mahesh

Yes that is correct.

Jon

Many thanks Jon

Hi Mahesh,

Yes. It is the new way it is configured in versions post 8.3. You could go through the link below to understand the changes made from pre-8.3 to post-8.3 versions:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html

 

Regards,

Akshay Rastogi
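
The point made in the replies, that an ASA on 8.3 or later matches the outside ACL against the server's real address rather than its mapped one, written out as an added example (not configuration posted by anyone in this thread). The ACL name OUTSIDE_IN, TCP port 443 and the test source 203.0.113.10 are assumptions; 131.x.x.x is the elided mapped address from the question.

```text
! Added example for ASA 8.3+. OUTSIDE_IN, tcp/443 and 203.0.113.10 are
! assumptions; 131.x.x.x is the elided mapped address from the question.

! Static NAT from the question (real 192.168.100.33 <-> mapped 131.x.x.x)
object network obj-192.168.100.33
 host 192.168.100.33
 nat (inside,outside) static 131.x.x.x

! Pre-8.3 habit: ACL written against the mapped address.
! On 8.3+ this entry would not match traffic to the server, because the
! ASA un-translates the destination before evaluating the interface ACL.
! access-list OUTSIDE_IN extended permit tcp any host 131.x.x.x eq 443

! 8.3+: ACL written against the real address, limited to the published port.
access-list OUTSIDE_IN extended permit tcp any host 192.168.100.33 eq 443
access-group OUTSIDE_IN in interface outside

! Verification: the static rule, the xlate it creates, and ACL hit counts.
show nat detail
show xlate
show access-list OUTSIDE_IN

! Simulate an outside client connecting to the mapped address. The output
! should show an UN-NAT phase rewriting 131.x.x.x to 192.168.100.33 and
! then an ACCESS-LIST phase permitting on the real-address entry.
packet-tracer input outside tcp 203.0.113.10 12345 131.x.x.x 443
```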
