Cisco ASA 8.2 and Below – Static Nat
Posted by on August 4, 2014
The other day I had to configure a Static nat entry on a 8.2 ASA. It had been a while since I had done this since almost everything I work with is 8.3 and above. I thought I would make an entry for myself and maybe to help someone along the way.
Example – I have public IP 1.1.1.10 and I need to forward in port 443 to my internal server of 192.168.1.10. I have an access-list Outside-IN applied to my outside interface. Note if the 1.1.1.10 is my outside interface IP (lets say I have only one public IP) then we would use the interface key word
ASA config –
config t
static (inside,outside) tcp 1.1.1.10 443 192.168.1.10 443
access-list Outside-IN permit tcp any host 1.1.1.10 eq 443
or
static (inside,outside) tcp interface 443 192.168.1.10 443
access-list Outside-IN permit tcp any host 1.1.1.10 eq 443
That’s it!
Compared to 8.3 and above –
object network 192.168.1.10
host 192.168.1.10
nat (inside,outside) static interface service tcp 443 443
access-list Outside-IN permit tcp any host 192.168.1.10 eq 443 — Notice the internal IP.
Reblogged this on Dirigeant.societe.com.