Cisco ASA NAT Port Forwarding

NAT Port Forwarding is useful when you have a single public IP address and multiple devices
behind it that you want to reach from the outside world. Take a look at the example below:

In the topology above we have an ASA firewall with a DMZ and two servers: an HTTP server and an
SSH server. Let's imagine that the IP address on the ASA's E0/1 interface (192.168.2.254) is a
public IP address. Our goal is to make sure that we can reach these servers from the outside
world. R2 is only there so we have a device on the outside with which we can test whether NAT is working.
HTTP uses TCP port 80 and SSH uses TCP port 22, so what we'll do is forward these ports.
Whenever someone connects to IP address 192.168.2.254 on TCP port 80, we will forward them to
192.168.1.1 TCP port 80.

We can use different port numbers if we want and to demonstrate this, we will configure the ASA
so that whenever someone connects on 192.168.2.254 TCP port 10022, we will forward it to
192.168.1.3 TCP port 22.
Let me show you how to configure this. We start with the HTTP server:
ASA1(config)# object network WEB_SERVER
ASA1(config-network-object)# host 192.168.1.1
ASA1(config-network-object)# nat (DMZ,OUTSIDE) static interface service tcp 80 80

We create a network object that specifies the real IP address of the web server and then we create
our NAT rule. By using the keyword interface we tell the ASA to use the IP address on the
(outside) interface. The first port number is the port that the server is listening on, the second
port number is the outside port number. Let's configure another PAT entry for the SSH server:
ASA1(config)# object network SSH_SERVER
ASA1(config-network-object)# host 192.168.1.3
ASA1(config-network-object)# nat (DMZ,OUTSIDE) static interface service tcp 22 10022

This network object is similar to the first one, but you can see I used a different port number for
the outside. Whenever someone connects on TCP port 10022, it will be forwarded to TCP port
22. This takes care of the NAT rules, but don't forget to create an access-list or our traffic will be
dropped:

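Because the order of the two port numbers (real port first, mapped port second) is easy to get wrong and two objects must never claim the same outside port, a small checker for object NAT lines is useful. The following is an added example, not code from the original page or from Cisco; it parses the two objects above plus an assumed third object (FTP_SERVER, constructed here) that collides with the web server on outside port 80, resolves the interface keyword to the OUTSIDE address the page gives, and reports the collision.

```python
import re
from collections import namedtuple

# Constructed sample: the two object-NAT blocks from the page plus an
# assumed third object whose mapped port deliberately collides with WEB_SERVER.
SAMPLE_CONFIG = """
object network WEB_SERVER
 host 192.168.1.1
 nat (DMZ,OUTSIDE) static interface service tcp 80 80
object network SSH_SERVER
 host 192.168.1.3
 nat (DMZ,OUTSIDE) static interface service tcp 22 10022
object network FTP_SERVER
 host 192.168.1.2
 nat (DMZ,OUTSIDE) static interface service tcp 21 80
"""

# Assumed interface table: the page states OUTSIDE (E0/1) is 192.168.2.254.
INTERFACE_IP = {"OUTSIDE": "192.168.2.254"}

Rule = namedtuple("Rule", "name real_ip real_port mapped_ip mapped_port proto")

# nat (real_if,mapped_if) static <mapped> service <proto> <real_port> <mapped_port>
NAT_RE = re.compile(
    r"nat \((?P<real_if>\w+),(?P<mapped_if>\w+)\) static (?P<mapped>\S+) "
    r"service (?P<proto>tcp|udp) (?P<real_port>\d+) (?P<mapped_port>\d+)$"
)

def parse_object_nat(config, interface_ip=INTERFACE_IP):
    """Return one Rule per network object that carries a static service NAT line."""
    rules, name, host = [], None, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("object network "):
            name, host = line.split()[2], None
        elif line.startswith("host "):
            host = line.split()[1]
        elif (m := NAT_RE.match(line)) and name and host:
            mapped = m["mapped"]
            if mapped == "interface":  # keyword = address of the mapped-side interface
                mapped = interface_ip[m["mapped_if"]]
            rules.append(Rule(name, host, int(m["real_port"]),
                              mapped, int(m["mapped_port"]), m["proto"]))
    return rules

def find_port_collisions(rules):
    """Two rules claiming the same (mapped_ip, proto, mapped_port) cannot both work."""
    seen, collisions = {}, []
    for r in rules:
        key = (r.mapped_ip, r.proto, r.mapped_port)
        if key in seen:
            collisions.append((seen[key].name, r.name, key))
        else:
            seen[key] = r
    return collisions
```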