Cisco ASA Series Configuration Manual page 209
Firewall cli, asa services module, and the adaptive security virtual appliance
Hide thumbs
Also See for ASA Series:
- Cli configuration manual (2164 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Chapter 10
NAT Examples and Reference
Single Address for FTP, HTTP, and SMTP (Static NAT-with-Port-Translation)
The following static NAT-with-port-translation example provides a single address for remote users to
access FTP, HTTP, and SMTP. These servers are actually different devices on the real network, but for
each server, you can specify static NAT-with-port-translation rules that use the same mapped IP address,
but different ports.
Figure 10-4
209.165.201.3:80
Procedure
Create a network object for the FTP server and configure static NAT with port translation, mapping the
Step 1
FTP port to itself.
hostname(config)# object network FTP_SERVER
hostname(config-network-object)# host 10.1.2.27
hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp ftp
ftp
Create a network object for the HTTP server and configure static NAT with port translation, mapping
Step 2
the HTTP port to itself.
hostname(config)# object network HTTP_SERVER
hostname(config-network-object)# host 10.1.2.28
hostname(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp
http http
Create a network object for the SMTP server and configure static NAT with port translation, mapping
Step 3
the SMTP port to itself.
Static NAT-with-Port-Translation
Undo Translation
209.165.201.3:21
Undo Translation
10.1.2.28
Host
Outside
10.1.2.27
209.165.201.3:25
Inside
FTP server
10.1.2.27
HTTP server
10.1.2.28
Cisco ASA Series Firewall CLI Configuration Guide
Examples for Network Object NAT
Undo Translation
10.1.2.29
SMTP server
10.1.2.29
10-5
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
