Firewall

6

 

Configuring NAT Rules to Securely Access a Remote Network

For example, you host an HTTP server (192.168.75.20) on your LAN. Your ISP has provided a static IP address (1.1.1.3) that you want to expose to the public as your HTTP server address. You want to allow Internet users to access the internal HTTP server by using the specified public IP address.

Solution: Assume that the IP address of the WAN1 port is 1.1.1.2 and that you are assigned another public IP address, 1.1.1.3. First create a host address object called “HTTPServer” with the IP address 192.168.75.20 and a host address object called “PublicIP” with the IP address 1.1.1.3, and then configure an advanced NAT rule as follows to open the HTTP server to the Internet.

From:                            WAN1
                                 NOTE: It must be set as a WAN port and cannot be set as Any.
To:                              Any
Original Source Address:         Any
Original Destination Address:    PublicIP
Original Services:               HTTP
Translated Source Address:       Any
Translated Destination Address:  HTTPServer
Translated Services:             HTTP
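
The rule above, modeled as a small matcher so you can check what it actually exposes. This is an added example, not code from the Cisco guide or the appliance; it assumes the HTTP service object means TCP/80 and that "Any" means match-all (original fields) or leave-unchanged (translated fields), and the WAN2 interface name and the 203.0.113.9 client address are constructed for the probes.

```python
from collections import namedtuple
from ipaddress import ip_address

Packet = namedtuple("Packet", "in_if src dst proto dport")
NatRule = namedtuple(
    "NatRule", "from_if orig_src orig_dst orig_service xlat_src xlat_dst xlat_service")

# Address objects from the example above; HTTP = TCP/80 is an assumption.
OBJECTS = {"HTTPServer": "192.168.75.20", "PublicIP": "1.1.1.3"}
SERVICES = {"HTTP": ("tcp", 80)}

def _matches(obj, addr):
    # "Any" matches every address; otherwise compare against the address object.
    return obj == "Any" or ip_address(OBJECTS[obj]) == ip_address(addr)

def translate(rule, pkt):
    """Return the packet after NAT, or None when the rule does not match."""
    if pkt.in_if != rule.from_if:
        return None                      # From must be the WAN port itself
    if (pkt.proto, pkt.dport) != SERVICES[rule.orig_service]:
        return None                      # only the Original Services are translated
    if not (_matches(rule.orig_src, pkt.src) and _matches(rule.orig_dst, pkt.dst)):
        return None
    src = pkt.src if rule.xlat_src == "Any" else OBJECTS[rule.xlat_src]
    dst = pkt.dst if rule.xlat_dst == "Any" else OBJECTS[rule.xlat_dst]
    proto, dport = SERVICES[rule.xlat_service]
    return Packet(pkt.in_if, src, dst, proto, dport)

# The advanced NAT rule from the table above (the "To" field is Any, so it is not modeled).
RULE = NatRule("WAN1", "Any", "PublicIP", "HTTP", "Any", "HTTPServer", "HTTP")

# Constructed probes: only the first should reach the internal server.
PROBES = [
    Packet("WAN1", "203.0.113.9", "1.1.1.3", "tcp", 80),  # public IP, HTTP
    Packet("WAN1", "203.0.113.9", "1.1.1.3", "tcp", 22),  # public IP, other service
    Packet("WAN1", "203.0.113.9", "1.1.1.2", "tcp", 80),  # WAN1's own address
    Packet("WAN2", "203.0.113.9", "1.1.1.3", "tcp", 80),  # different inbound interface
]

def exposure(rule, probes):
    """Map each probe to the (address, port) it is forwarded to, or None."""
    result = {}
    for p in probes:
        t = translate(rule, p)
        result[(p.in_if, p.dst, p.proto, p.dport)] = (t.dst, t.dport) if t else None
    return result

if __name__ == "__main__":
    for probe, target in exposure(RULE, PROBES).items():
        print(probe, "->", target)
```

Running the same probes after any change to the rule shows whether the change widened what is reachable from the WAN beyond TCP/80 on 1.1.1.3.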

 

 

Use Case: The outbound interface (To) is set to a WAN port, but the translated source IP address (Translated Source Address) is different from the public IP address of the selected WAN port.

For example, you have provided a static IP address (1.1.1.3). The security appliance is set as an SSL VPN server. You want to translate the IP addresses of the SSL VPN clients to the specified public IP address when the SSL VPN clients access the Internet.

Cisco ISA500 Series Integrated Security Appliances Administration Guide
