Cisco Systems and the ASA Services Module Manual De Usuario
4-19
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 4 Configuring Network Object NAT
Configuration Examples for Network Object NAT
Providing Access to an Inside Web Server (Static NAT)
The following example performs static NAT for an inside web server. The real address is on a private
network, so a public address is required. Static NAT is necessary so hosts can initiate traffic to the web
server at a fixed address. (See
network, so a public address is required. Static NAT is necessary so hosts can initiate traffic to the web
server at a fixed address. (See
).
Figure 4-1
Static NAT for an Inside Web Server
Step 1
Create a network object for the internal web server:
ciscoasa(config)# object network myWebServ
Step 2
Define the web server address:
ciscoasa(config-network-object)# host 10.1.2.27
Step 3
Configure static NAT for the object:
ciscoasa(config-network-object)# nat (inside,outside) static 209.165.201.10
NAT for Inside Hosts (Dynamic NAT) and NAT for an Outside Web Server
(Static NAT)
(Static NAT)
The following example configures dynamic NAT for inside users on a private network when they access
the outside. Also, when inside users connect to an outside web server, that web server address is
translated to an address that appears to be on the inside network. (See
the outside. Also, when inside users connect to an outside web server, that web server address is
translated to an address that appears to be on the inside network. (See
Outside
Inside
10.1.2.1
209.165.201.1
Security
Appliance
Appliance
myWebServ
10.1.2.27
10.1.2.27
209.165.201.12
10.1.2.27
209.165.201.10
248772
Undo Translation