
NAT

atulpal singh
Level 1

Hi, I have a question. Suppose I have a specific external IP that wants to access an internal server on a particular port. Can we do static routing on the firewall, which is an ASA?

What I did is simply create an access list for a particular IP on the ASA and then just opened the particular port on the server. Then I did simple NATing (internal IP to external public IP address).

Could I just skip all this and do static (one-to-one) NATing on the firewall (ASA)? Was it going to affect any other server's connection to the internet?

Is static NAT a kind of port forwarding? Sorry, I have a number of questions.

3 Replies

omz
VIP Alumni

Hi

Allow Untrusted Hosts Access to Hosts on Your Trusted Network

This can be achieved through the application of a static NAT translation and an access rule to permit those hosts. You are required to configure this whenever an outside user would like to access any server that sits in your internal network. The server in the internal network will have a private IP address which is not routable on the Internet. As a result, you need to translate that private IP address to a public IP address through a static NAT rule. Suppose you have an internal server (172.16.11.5). In order to make this work, you need to translate this private server IP address to a public IP address. This example describes how to implement the bidirectional static NAT to translate 172.16.11.5 to 203.0.113.5.

 

Port Redirection (Forwarding) with Static

Port forwarding or port redirection is a useful feature where the outside users try to access an internal server on a specific port. NAT Port Forwarding is useful when you have a single public IP address and multiple devices behind it that you want to reach from the outside world.

 

Yes, if somebody tries to access a server on a particular port, how can we do that on the ASA? Suppose the public IP is 200.x.x.x and the server is 192.168.0.5, and someone wants to access a port on .5; the port is 4500. How can we achieve that?

Hello,

 

Is a static NAT entry on the ASA what you are looking for? In the example below, the port the server is actually listening on is 5400 (use your own port), and to access the server from the outside, you would use the IP address of the outside interface and port 4500:

 

ASA(config)# object network SERVER
ASA(config-network-object)# host 192.168.0.5
ASA(config-network-object)# nat (INSIDE,OUTSIDE) static interface service tcp 5400 4500
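
Added example, not part of the original replies: the port forward from the last reply combined with an access rule that admits only one external host, which is the case the original question describes. It assumes ASA 8.3 or later, where access lists match the real (untranslated) address and port, here 192.168.0.5 and 5400; the ACL name OUTSIDE_IN, the source 198.51.100.10 and the <outside-interface-ip> placeholder are constructed for illustration.

```cisco
! --- NAT: same rule as in the reply above ---
! Only TCP 4500 on the outside interface address is claimed by this rule;
! it is forwarded to 192.168.0.5 port 5400.
object network SERVER
 host 192.168.0.5
 nat (INSIDE,OUTSIDE) static interface service tcp 5400 4500
!
! --- Access rule: permit one external host only ---
! 198.51.100.10 is a constructed stand-in for the permitted external IP.
! On 8.3+ the ACE names the REAL destination (object SERVER, port 5400),
! not the outside interface address or the mapped port 4500.
access-list OUTSIDE_IN extended permit tcp host 198.51.100.10 object SERVER eq 5400
!
! An interface takes one ACL per direction. If an ACL is already applied
! inbound on OUTSIDE, add the ACE above to that ACL instead of binding
! a new one with the next command.
access-group OUTSIDE_IN in interface OUTSIDE
!
! --- Verification ---
! Confirm the translation and its hit counters:
show nat detail
show xlate
!
! Simulate a connection from the permitted host to the mapped port.
! Expect an UN-NAT phase rewriting the destination to 192.168.0.5/5400
! and a final result of ALLOW.
packet-tracer input OUTSIDE tcp 198.51.100.10 12345 <outside-interface-ip> 4500
!
! Repeat from any other source address (203.0.113.99 is constructed).
! Expect a DROP in the ACCESS-LIST phase.
packet-tracer input OUTSIDE tcp 203.0.113.99 12345 <outside-interface-ip> 4500
!
! Check that the permit ACE is the one being hit:
show access-list OUTSIDE_IN
```

Running both packet-tracer checks confirms that the forward is reachable from the one intended source and from nowhere else.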
