Thursday, November 19, 2015

Cisco ASA 8.2 and Below – Static NAT

The other day I had to configure a static NAT entry on an 8.2 ASA. It had been a while since I had done this, since almost everything I work with is 8.3 and above. I thought I would make an entry for myself and maybe help someone along the way.
Example – I have public IP 1.1.1.10 and I need to forward port 443 in to my internal server at 192.168.1.10. I have an access-list Outside-IN applied to my outside interface. Note: if 1.1.1.10 is my outside interface IP (let's say I have only one public IP), then we would use the interface keyword.
ASA config –
config t
static (inside,outside) tcp 1.1.1.10 443 192.168.1.10 443
access-list Outside-IN permit tcp any host 1.1.1.10 eq 443
or, using the interface keyword –
static (inside,outside) tcp interface 443 192.168.1.10 443
access-list Outside-IN permit tcp any host 1.1.1.10 eq 443
That’s it!
Compared to 8.3 and above –
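object network 192.168.1.10
 host 192.168.1.10
 nat (inside,outside) static interface service tcp 443 443
access-list Outside-IN permit tcp any host 192.168.1.10 eq 443
Notice the internal IP in the access-list: on 8.3 and above the ACL references the real (internal) address, not the public one.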
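The 8.2-to-8.3 difference above matters most during an upgrade, because an ACL that still permits the public IP no longer matches inbound traffic. The following is an added example, not part of the original post: a small Python helper that rewrites 8.2 static PAT and ACL lines into the 8.3+ form. The function name, the `obj-...` object naming scheme and the `interface_ip` parameter are assumptions made for illustration.

```python
import re

# 8.2 static PAT: static (real_if,mapped_if) proto mapped|interface mport real rport
STATIC_RE = re.compile(
    r"static \((\S+),(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)$")

# The 8.2 lines from the post above.
SAMPLE = """static (inside,outside) tcp 1.1.1.10 443 192.168.1.10 443
access-list Outside-IN permit tcp any host 1.1.1.10 eq 443
"""


def convert_82_to_83(config, interface_ip=None):
    """Return 8.3+ config lines for 8.2 static PAT and ACL lines.

    interface_ip (assumed parameter) is the mapped interface's address,
    needed to find the ACL entries of 'static ... interface' rules.
    """
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    nat, acl, rules = [], [], []
    for ln in lines:
        m = STATIC_RE.match(ln)
        if not m:
            continue
        real_if, mapped_if, proto, mapped, mport, real, rport = m.groups()
        if mapped == "interface" and interface_ip is None:
            raise ValueError("interface_ip required for: " + ln)
        acl_ip = interface_ip if mapped == "interface" else mapped
        # 8.3+ object NAT lists the real port first, then the mapped port.
        # One object per rule: an object holds only one nat statement.
        nat += [f"object network obj-{real}-{proto}-{rport}",
                f" host {real}",
                f" nat ({real_if},{mapped_if}) static {mapped} "
                f"service {proto} {rport} {mport}"]
        rules.append((proto, acl_ip, mport, real, rport))
    for ln in lines:
        if not ln.startswith("access-list "):
            continue
        for proto, acl_ip, mport, real, rport in rules:
            # 8.2 ACLs match the mapped IP/port; 8.3+ match the real ones.
            old = f" host {acl_ip} eq {mport}"
            if f" {proto} " in ln and ln.endswith(old):
                ln = ln[: -len(old)] + f" host {real} eq {rport}"
                break
        acl.append(ln)
    return nat + acl


if __name__ == "__main__":
    print("\n".join(convert_82_to_83(SAMPLE)))
```

ACL entries that do not end in `host <mapped IP> eq <mapped port>` are passed through unchanged and still need a manual review.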

Resource:

http://travelingpacket.com/2014/08/04/cisco-asa-8-2-and-below-static-nat/