Difference between revisions of "NAT Cisco ASA"
From Teknologisk videncenter
(→Outside in - one-to-one nat) |
(→Outside in - one-to-one nat) |
||
Line 12: | Line 12: | ||
nat (INSIDE,OUTSIDE) static 217.198.220.152 | nat (INSIDE,OUTSIDE) static 217.198.220.152 | ||
! | ! | ||
+ | </source> | ||
+ | |||
+ | Version 9 ASA | ||
+ | |||
+ | <b>Objekt</b> | ||
+ | <source lang=cli> | ||
+ | object network 217.198.220.139--SMTP.HOTDATA.DK | ||
+ | host 212.198.213.139 | ||
+ | object network WEB01.HOTDATA.DK | ||
+ | host 192.168.130.3 | ||
+ | </source> | ||
+ | |||
+ | |||
+ | <b>NAT REGL</b> | ||
+ | <source lang=cli> | ||
+ | nat (OUTSIDE,INSIDE) 2 source static any any destination static 217.198.220.139--SMTP.HOTDATA.DK 192.168.130.15--SMTP.HOTDATA.DK no-proxy-arp description SMTP.HOTDATA.DK | ||
+ | </source> | ||
+ | |||
+ | <b>ACCESS LIST</b> | ||
+ | <source lang=cli> | ||
+ | object-group service DM_INLINE_TCP_5 tcp | ||
+ | port-object eq http | ||
+ | port-object eq https | ||
+ | access-list global_access line 4 extended permit tcp any object 192.168.130.30--WEB01.HOTDATA.DK object-group DM_INLINE_TCP_5 | ||
</source> | </source> | ||
Revision as of 13:45, 1 May 2017
Outside in - one-to-one nat
Internal IP: 192.168.138.152 External IP: 217.198.220.152
Version 8 ASA
access-list H5MAJ2017 permit ip any host 192.168.138.152
access-group H5MAJ2017 in interface OUTSIDE
!
object network OBJ192.168.138.152
host 192.168.138.152
nat (INSIDE,OUTSIDE) static 217.198.220.152
!
Version 9 ASA
Objekt
object network 217.198.220.139--SMTP.HOTDATA.DK
host 212.198.213.139
object network WEB01.HOTDATA.DK
host 192.168.130.3
NAT REGL
nat (OUTSIDE,INSIDE) 2 source static any any destination static 217.198.220.139--SMTP.HOTDATA.DK 192.168.130.15--SMTP.HOTDATA.DK no-proxy-arp description SMTP.HOTDATA.DK
ACCESS LIST
object-group service DM_INLINE_TCP_5 tcp
port-object eq http
port-object eq https
access-list global_access line 4 extended permit tcp any object 192.168.130.30--WEB01.HOTDATA.DK object-group DM_INLINE_TCP_5