Revision as of 13:45, 1 May 2017

Outside in - one-to-one nat

Internal IP: 192.168.138.152 External IP: 217.198.220.152

Version 8 ASA

access-list H5MAJ2017 permit ip any host 192.168.138.152
access-group H5MAJ2017 in interface OUTSIDE
!
object network OBJ192.168.138.152
 host 192.168.138.152
 nat (INSIDE,OUTSIDE) static 217.198.220.152
!

Version 9 ASA

Objekt

      object network 217.198.220.139--SMTP.HOTDATA.DK 
        host 212.198.213.139
     object network WEB01.HOTDATA.DK
        host 192.168.130.3

NAT REGL

      nat (OUTSIDE,INSIDE) 2 source static any any destination static 217.198.220.139--SMTP.HOTDATA.DK 192.168.130.15--SMTP.HOTDATA.DK no-proxy-arp description SMTP.HOTDATA.DK

ACCESS LIST

      object-group service DM_INLINE_TCP_5 tcp
        port-object eq http
        port-object eq https
      access-list global_access line 4 extended permit tcp any object 192.168.130.30--WEB01.HOTDATA.DK object-group DM_INLINE_TCP_5

links

One-to-one NAT

Navigation menu

Difference between revisions of "NAT Cisco ASA"

Revision as of 13:45, 1 May 2017

Outside in - one-to-one nat

links

@@ Line 12: / Line 12: @@
   nat (INSIDE,OUTSIDE) static 217.198.220.152
 !
+</source>
+Version 9 ASA
+<b>Objekt</b>
+<source lang=cli>
+      object network 217.198.220.139--SMTP.HOTDATA.DK
+        host 212.198.213.139
+     object network WEB01.HOTDATA.DK
+        host 192.168.130.3
+</source>
+<b>NAT REGL</b>
+<source lang=cli>
+      nat (OUTSIDE,INSIDE) 2 source static any any destination static 217.198.220.139--SMTP.HOTDATA.DK 192.168.130.15--SMTP.HOTDATA.DK no-proxy-arp description SMTP.HOTDATA.DK
+</source>
+<b>ACCESS LIST</b>
+<source lang=cli>
+      object-group service DM_INLINE_TCP_5 tcp
+        port-object eq http
+        port-object eq https
+      access-list global_access line 4 extended permit tcp any object 192.168.130.30--WEB01.HOTDATA.DK object-group DM_INLINE_TCP_5
 </source>