07-12-2019 09:24 PM
Hi, I have a question. Suppose I have a specific external IP that wants to access an internal server on a particular port. Can we do static routing on the firewall, which is an ASA?
What I did is simply create an access list for a particular IP on the ASA and then just opened the particular port on the server. Then I did simple NATing (internal IP to external public IP address).
Could I just skip all this and do static (one-to-one) NATing on the firewall (ASA)? Would it affect any other server's connection to the internet?
Is static NAT a kind of port forwarding? Sorry, I have a number of questions.
07-13-2019 12:41 AM
Hi
Allow Untrusted Hosts Access to Hosts on Your Trusted Network
This can be achieved through the application of a static NAT translation and an access rule to permit those hosts. You are required to configure this whenever an outside user would like to access any server that sits in your internal network. The server in the internal network will have a private IP address which is not routable on the Internet. As a result, you need to translate that private IP address to a public IP address through a static NAT rule. Suppose you have an internal server (172.16.11.5). In order to make this work, you need to translate this private server IP address to a public IP address. This example describes how to implement the bidirectional static NAT to translate 172.16.11.5 to 203.0.113.5.
Port Redirection (Forwarding) with Static
Port forwarding or port redirection is a useful feature where the outside users try to access an internal server on a specific port. NAT Port Forwarding is useful when you have a single public IP address and multiple devices behind it that you want to reach from the outside world.
07-13-2019 01:28 PM
07-13-2019 02:06 PM
Hello,
Is a static NAT entry on the ASA what you are looking for? In the example below, the port the server is actually listening to is 5400 (use your own port), and to access the server from the outside, you would use the IP address of the outside interface, and port 4500:
ASA(config)# object network SERVER
ASA(config-network-object)# host 192.168.0.5
ASA(config-network-object)# nat (INSIDE,OUTSIDE) static interface service tcp 5400 4500
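An added example, not part of any post in this thread: the static port translation from the last reply combined with an access rule that admits only the one external host the question describes. It assumes ASA software 8.3 or later (the object NAT syntax used in the thread). The source address 198.51.100.10, the outside interface address 203.0.113.1 and the ACL name OUTSIDE_IN are constructed placeholders.

```cisco
! Static PAT from the thread: the server listens on 5400 (real port),
! outside clients connect to the OUTSIDE interface address on 4500.
object network SERVER
 host 192.168.0.5
 nat (INSIDE,OUTSIDE) static interface service tcp 5400 4500
!
! Only the one permitted external host (constructed placeholder address).
object network PARTNER_HOST
 host 198.51.100.10
!
! On 8.3 and later the interface ACL is matched against the REAL
! (untranslated) address and port, so the rule names 192.168.0.5 and
! 5400, not the outside interface address and 4500.
access-list OUTSIDE_IN extended permit tcp object PARTNER_HOST object SERVER eq 5400
! Explicit deny with logging, so attempts from other sources show up in syslog.
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface OUTSIDE
!
! Verification, run from privileged EXEC:
!   show nat detail               translation rule and hit counters
!   show xlate                    active translations
!   show access-list OUTSIDE_IN   per-line hit counts
!
! Simulate a connection from the permitted host to the mapped port;
! the result should be ALLOW, with UN-NAT to 192.168.0.5/5400.
!   packet-tracer input OUTSIDE tcp 198.51.100.10 1025 203.0.113.1 4500
! The same test from any other source address should be dropped by the ACL.
!   packet-tracer input OUTSIDE tcp 198.51.100.99 1025 203.0.113.1 4500
```

The NAT rule applies only to the SERVER object and only to TCP port 5400, so other inside hosts keep whatever outbound translation they already use.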