Cisco ASA 8.2 and Below – Static Nat

The other day I had to configure a Static nat entry on a 8.2 ASA. It had been a while since I had done this since almost everything I work with is 8.3 and above. I thought I would make an entry for myself and maybe to help someone along the way.

Example – I have public IP 1.1.1.10 and I need to forward in port 443 to my internal server of 192.168.1.10. I have an access-list Outside-IN applied to my outside interface. Note if the 1.1.1.10 is my outside interface IP (lets say I have only one public IP) then we would use the interface key word

ASA config –

config t

static (inside,outside) tcp 1.1.1.10 443 192.168.1.10 443

access-list Outside-IN permit tcp any host 1.1.1.10 eq 443

or

static (inside,outside) tcp interface 443 192.168.1.10 443

access-list Outside-IN permit tcp any host 1.1.1.10 eq 443

That’s it!

Compared to 8.3 and above –

object network 192.168.1.10

host 192.168.1.10

nat (inside,outside) static interface service tcp 443 443

access-list Outside-IN permit tcp any host 192.168.1.10 eq 443Notice the internal IP.

Advertisements

One response to “Cisco ASA 8.2 and Below – Static Nat

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: