Nat (inside) 0 access-list inside_nat0_outbound_1
Static (dmz,outside) tcp interface

I am also using an sql server that is on the Inside interface and the web server needs to connect to it via port 1433, for which I used

Static (inside,outside) tcp interface

(Assuming that I understand this correctly) If the dmz interface is on 192.168.10.x/24 subnet, the static NAT will look something like this

The server has not been placed in dmz yet, so I have the following config for http

Access-list inbound extended permit tcp any interface outside eq www

Thank you for the prompt reply, the ASA 5510 is running version 8.2.

***Correction*** (please ignore my earlier post, I noticed an error in the information I provided)

For a more complete practical guide about Cisco ASA Firewall configuration I suggest you read the “Cisco ASA Firewall Fundamentals – 3rd Edition” ebook at the link HERE.

I just tried to offer you a starting point for a basic configuration from where you can build your knowledge further.

There are many more configuration features that you need to implement to increase the security of your network, such as Static and Dynamic NAT, Access Control Lists to control traffic flow, DMZ zones, VPN etc.

The above basic configuration is just the beginning for making the appliance operational.

The PAT configuration below is for ASA 8.3 and later:

NAT (static and dynamic) and PAT are configured under network objects. The “global” command is no longer supported.

This version introduced several important configuration changes, especially on the NAT/PAT mechanism.
UPDATE for ASA Version 8.3 and later (including ASA 9.x)

From March 2010, Cisco announced the new Cisco ASA software version 8.3.

Step 4: Configure PAT on the outside interface

ASA5510(config)# global (outside) 1 interface
ASA5510(config)# nat (inside) 1 0.0.0.0 0.0.0.0
Configure this under Configuration Mode:

ASA5510(config)# enable password mysecretpassword

Step 1: Configure a privileged level password (enable password)

By default there is no password for accessing the ASA firewall, so the first step before doing anything else is to configure a privileged level password, which will be needed to allow subsequent access to the appliance.

Let’s see a snippet of the required configuration steps for this basic scenario:

All outbound communication (from inside to outside) will be translated using Port Address Translation (PAT) on the outside public interface.

The firewall will be configured to supply IP addresses dynamically (using DHCP) to the internal hosts.