In this scenario, you have a site with an ASA 5505 and one public IP address. You have just a few users and a web server you want the public to access from the Internet. Translation – this is port forwarding. The requirements:
- Allow Inside users to access the Internet.
- Allow Inside Web server to serve HTTP services to the Internet.
- Allow Outside users to visit your Web server.
LAB-ASA5505-01# conf t
LAB-ASA5505-01(config)# object network INSIDE-SUBNET
LAB-ASA5505-01(config-network-object)# subnet 172.20.10.0 255.255.255.0
LAB-ASA5505-01(config-network-object)#
LAB-ASA5505-01(config-network-object)# exit
LAB-ASA5505-01(config)# object network WWW-SERVER
LAB-ASA5505-01(config-network-object)# host 172.20.10.100
LAB-ASA5505-01(config-network-object)#
LAB-ASA5505-01(config-network-object)# exit

LAB-ASA5505-01(config)# object network INSIDE-SUBNET
LAB-ASA5505-01(config-network-object)# nat (inside,outside) dynamic interface

LAB-ASA5505-01(config)# object network WWW-SERVER
LAB-ASA5505-01(config-network-object)# nat (inside,outside) static interface service tcp 80 80

LAB-ASA5505-01(config)# access-list Outside_access_in extended permit tcp any object WWW-SERVER eq 80
LAB-ASA5505-01(config)# access-group Outside_access_in in interface Outside

LAB-ASA5505-01# show nat
Auto NAT Policies (Section 2)
1 (Inside) to (Outside) source static WWW-SERVER interface service tcp www www
    translate_hits = 0, untranslate_hits = 2
2 (Inside) to (Outside) source dynamic INSIDE-SUBNET interface
    translate_hits = 6, untranslate_hits = 0

LAB-ASA5505-01# sh access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
            alert-interval 300
access-list Outside_access_in; 2 elements; name hash: 0xe796c137
access-list Outside_access_in line 1 extended permit icmp any any echo-reply (hitcnt=0) 0x24ee277f
access-list Outside_access_in line 2 extended permit tcp any object WWW-SERVER eq www (hitcnt=4) 0xb7fcf341
  access-list Outside_access_in line 2 extended permit tcp any host 172.20.10.100 eq www (hitcnt=4) 0xb7fcf341
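
The two verification outputs above can be cross-checked mechanically. The following Python script is an added example, not part of the original article: it parses `show nat` and `show access-list` text in the format shown here and reports inbound permits that correspond to no static port forward, as well as port forwards that no ACL entry permits. The function names and the embedded sample text (copied from the output above) are assumptions of this example.

```python
import re

# Constructed sample: the verification output shown above, one entry per line.
SHOW_NAT = """\
Auto NAT Policies (Section 2)
1 (Inside) to (Outside) source static WWW-SERVER interface service tcp www www
    translate_hits = 0, untranslate_hits = 2
2 (Inside) to (Outside) source dynamic INSIDE-SUBNET interface
    translate_hits = 6, untranslate_hits = 0
"""
SHOW_ACL = """\
access-list Outside_access_in; 2 elements; name hash: 0xe796c137
access-list Outside_access_in line 1 extended permit icmp any any echo-reply (hitcnt=0) 0x24ee277f
access-list Outside_access_in line 2 extended permit tcp any object WWW-SERVER eq www (hitcnt=4) 0xb7fcf341
  access-list Outside_access_in line 2 extended permit tcp any host 172.20.10.100 eq www (hitcnt=4) 0xb7fcf341
"""

# Assumption: ports are compared as displayed (the ASA prints 80 as "www").
NAT_RE = re.compile(r"source static (\S+) interface service (tcp|udp) (\S+) (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) line (\d+) extended permit (\S+) (.+?) \(hitcnt=(\d+)\)")

def published_services(show_nat):
    """Return {(object, proto, real_port)} for every static port forward."""
    return {(m[1], m[2], m[3]) for m in NAT_RE.finditer(show_nat)}

def audit(show_nat, show_acl):
    """Compare inbound permits with published services; return findings."""
    services = published_services(show_nat)
    covered, findings = set(), []
    for line in show_acl.splitlines():
        m = ACL_RE.match(line)  # indented object expansions do not match
        if not m:
            continue
        acl, num, proto, rest, hits = m.groups()
        dst = re.search(r"object (\S+) eq (\S+)$", rest)
        key = (dst[1], proto, dst[2]) if dst else None
        if key in services:
            covered.add(key)
        else:
            findings.append(f"{acl} line {num}: permit {proto} {rest} "
                            f"matches no port forward (hitcnt={hits})")
    for obj, proto, port in sorted(services - covered):
        findings.append(f"{obj} {proto}/{port} is forwarded but no ACL permits it")
    return findings

if __name__ == "__main__":
    for finding in audit(SHOW_NAT, SHOW_ACL):
        print(finding)
```

Run against the output above, it reports only ACL line 1 (the `icmp ... echo-reply` permit), which is not among the configuration commands listed earlier.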
How do you configure this in ASDM?
