Cisco Systems ASA 5585-X Manual De Usuario
4-22
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 4 Configuring Network Object NAT
Configuration Examples for Network Object NAT
Single Address for FTP, HTTP, and SMTP (Static NAT-with-Port-Translation)
The following static NAT-with-port-translation example provides a single address for remote users to
access FTP, HTTP, and SMTP. These servers are actually different devices on the real network, but for
each server, you can specify static NAT-with-port-translation rules that use the same mapped IP address,
but different ports. (See
access FTP, HTTP, and SMTP. These servers are actually different devices on the real network, but for
each server, you can specify static NAT-with-port-translation rules that use the same mapped IP address,
but different ports. (See
Figure 4-4
Static NAT-with-Port-Translation
Step 1
Create a network object for the FTP server address:
ciscoasa(config)# object network FTP_SERVER
Step 2
Define the FTP server address, and configure static NAT with identity port translation for the FTP server:
ciscoasa(config-network-object)# host 10.1.2.27
ciscoasa(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp ftp
ftp
Step 3
Create a network object for the HTTP server address:
ciscoasa(config)# object network HTTP_SERVER
Step 4
Define the HTTP server address, and configure static NAT with identity port translation for the HTTP
server:
server:
ciscoasa(config-network-object)# host 10.1.2.28
ciscoasa(config-network-object)# nat (inside,outside) static 209.165.201.3 service tcp
http http
Host
Outside
Inside
Undo Translation
10.1.2.27
209.165.201.3:21
Undo Translation
10.1.2.28
209.165.201.3:80
Undo Translation
10.1.2.29
209.165.201.3:25
FTP server
10.1.2.27
HTTP server
10.1.2.28
SMTP server
10.1.2.29
1
3
00
3
1