How to Configure NAT on Cisco ASA
Network address translation (NAT) lets you translate private addresses to public ones.
On a Cisco ASA firewall you can configure two types of NAT:
- Dynamic NAT (including PAT, port address translation)
- Static NAT
NAT example (the web server must send its responses to the client via the public/mapped address):
Dynamic NAT translates internal addresses to a predefined set, or pool, of public addresses
that you define. The "nat" command selects which internal hosts are translated, and the
"global" command defines the public address range they are translated into. The number "1"
in the configuration is the NAT ID (the number of the NAT rule) and must match on the "nat"
and "global" commands:
ASA1(config)#nat (inside) 1 192.168.15.0 255.255.255.0
ASA1(config)#global (outside) 1 193.222.168.113-193.222.168.116 netmask 255.255.255.240
PAT translates a range of internal addresses to a single public address by giving each
connection a different source port:
ASA1(config)#nat (inside) 1 192.168.15.0 255.255.255.0
ASA1(config)#global (outside) 1 193.222.168.113
Instead of an IP address, the "global" command also accepts the keyword "interface". The
internal addresses are then automatically PAT-ed to the address of the outside interface
itself:
ASA1(config)#nat (inside) 1 192.168.15.0 255.255.255.0
ASA1(config)#global (outside) 1 interface
Static NAT lets you permanently map a public IP address and port to an inside one (port
forwarding). Cisco also supports 1:1 NAT, or "mirroring", which translates every port of a
private address to the same port on a public address (bidirectional). In either case, traffic
from the "outside" to the "inside" interface only flows if it is also permitted by an access
control list.
Port forwarding:
Port forwarding maps selected publicly reachable ports to internal addresses. After
configuring the static NAT, you must apply an access list that permits the traffic from
outside to the inside hosts. Finally, activate the ACL by binding it to the "outside"
interface with the "access-group" command:
ASA1(config)#static (inside,outside) tcp 209.165.201.3 http 10.2.2.28 http netmask 255.255.255.255
ASA1(config)#static (inside,outside) tcp 209.165.201.3 ftp 10.2.2.27 ftp netmask 255.255.255.255
ASA1(config)#static (inside,outside) tcp 209.165.201.3 smtp 10.2.2.29 smtp netmask 255.255.255.255
ASA1(config)#access-list outside_in_acl extended permit tcp any host 209.165.201.3 eq http
ASA1(config)#access-list outside_in_acl extended permit tcp any host 209.165.201.3 eq ftp
ASA1(config)#access-list outside_in_acl extended permit tcp any host 209.165.201.3 eq smtp
ASA1(config)#access-group outside_in_acl in interface outside
Static 1:1 NAT (every public port is mapped to the same internal port):
ASA1(config)#static (inside,outside) 209.165.201.4 10.2.2.45 netmask 255.255.255.255
To allow traffic to flow from the lower-security interface "outside" to the higher-security
interface "inside", an access control list must be applied.
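As an added example (not part of the original slides), the following Python script checks a pre-8.3 ASA configuration for the two mistakes the sections above warn about: a "nat" rule whose NAT ID has no matching "global", and a "static" whose mapped address and port are not permitted by an ACL bound inbound on the outside interface. The sample configuration is constructed from the commands above plus one port forward (tcp/3389 to 10.2.2.30) that is deliberately left without an ACE; the parser is assumed to see only the command forms shown on this page.

```python
import ipaddress

# Constructed sample: the pre-8.3 commands from the text above, plus one extra
# port forward (tcp/3389 to 10.2.2.30) that deliberately has no matching ACE.
SAMPLE_CONFIG = """
nat (inside) 1 192.168.15.0 255.255.255.0
global (outside) 1 interface
static (inside,outside) tcp 209.165.201.3 http 10.2.2.28 http netmask 255.255.255.255
static (inside,outside) tcp 209.165.201.3 smtp 10.2.2.29 smtp netmask 255.255.255.255
static (inside,outside) tcp 209.165.201.3 3389 10.2.2.30 3389 netmask 255.255.255.255
static (inside,outside) 209.165.201.4 10.2.2.45 netmask 255.255.255.255
access-list outside_in_acl extended permit tcp any host 209.165.201.3 eq http
access-list outside_in_acl extended permit tcp any host 209.165.201.3 eq smtp
access-group outside_in_acl in interface outside
"""

def parse_ace(tok):
    # 'access-list NAME extended permit PROTO SRC DST [eq PORT]' -> (acl, proto, dst net, port); port names must be spelled as in the static
    i = tok.index("permit") + 1
    proto, i = tok[i], i + (2 if tok[i + 1] == "any" else 3)   # skip source: any | host X | X MASK
    if tok[i] == "any":
        dst, i = ipaddress.ip_network("0.0.0.0/0"), i + 1
    elif tok[i] == "host":
        dst, i = ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    else:
        dst, i = ipaddress.ip_network((tok[i], tok[i + 1]), strict=False), i + 2
    port = tok[i + 1] if i + 1 < len(tok) and tok[i] == "eq" else None
    return tok[1], proto, dst, port

def audit(config):
    # Findings for the nat/global/static/ACL mistakes the text warns about; mapped addresses in statics are assumed to be IP literals
    nat_ids, global_ids, statics, aces, bound = set(), set(), [], [], {}
    for tok in (l.split() for l in config.splitlines() if l.strip()):
        if tok[0] == "nat" and tok[2] != "0":            # nat 0 (exemption) needs no global
            nat_ids.add(tok[2])
        elif tok[0] == "global":
            global_ids.add(tok[2])
        elif tok[0] == "static":                          # -> (mapped ip, proto, mapped port)
            statics.append((tok[3], tok[2], tok[4]) if tok[2] in ("tcp", "udp") else (tok[2], None, None))
        elif tok[0] == "access-list" and "permit" in tok:
            aces.append(parse_ace(tok))
        elif tok[0] == "access-group":
            bound[tok[1]] = tok[4]                        # acl name -> interface it is bound to
    findings = [f"nat ID {n} has no matching global: rule {n} translates nothing"
                for n in sorted(nat_ids - global_ids)]
    inbound = [a for a in aces if bound.get(a[0]) == "outside"]
    for ip, proto, port in statics:
        if not any(ipaddress.ip_address(ip) in a[2] and (proto is None or a[1] in ("ip", proto))
                   and (port is None or a[3] in (None, port)) for a in inbound):
            findings.append(f"static {ip} {proto or 'ip'}/{port or 'all'}: translated, but no ACL "
                            "bound inbound on outside permits it, so outside traffic is dropped")
    for acl, proto, dst, port in inbound:
        if dst.prefixlen == 0 and port is None:
            findings.append(f"{acl}: permit {proto} to any with no port is broader than the statics need")
    return findings
```

Running audit(SAMPLE_CONFIG) reports the tcp/3389 forward and the 1:1 static for 209.165.201.4 as translated but unreachable, while the http and smtp forwards pass.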
More Related Cisco ASA Tips:
Site-to-Site IPSEC VPN between Two Cisco ASA 5520
How to Configure Dual ISP on Cisco ASA 5505?
Cisco ASA 8.4 vs. Typical NAT/PAT Configuration
Eight Commands on a Cisco ASA Security Appliance You Should Know
VLAN Sub-Interfaces on Cisco ASA 5500 Firewall Configuration
How to Configure Cisco ASA 5505 Firewall?