Firewall

6

 

Configuring NAT Rules to Securely Access a Remote Network

 

 

 

 

 

Solution: Assume that the IP address of the WAN1 port is 1.1.1.2 and the SSL VPN client address pool is set to 192.168.200.0/24. First create a host address object with the IP 1.1.1.3 called “PublicIP,” and then create an advanced NAT rule as follows to allow SSL VPN clients to access the Internet:

From                             Any
To                               WAN1
                                 NOTE: It must be set as a WAN port and cannot be set as Any.
Original Source Address          SSLVPNPool
Original Destination Address     Any
Original Services                Any
Translated Source Address        PublicIP
Translated Destination Address   Any
Translated Services              Any
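The following Python model is an added example, not part of the Cisco guide or the appliance's own logic. It evaluates the rule above against constructed packets to show which flows leave WAN1 with the PublicIP source. The ingress names "SSLVPN" and "LAN", the WAN port list, the sample addresses, and the reading of "Any" in a Translated field as "leave unchanged" are assumptions; services are omitted because the rule sets them to Any.

```python
import ipaddress
from dataclasses import dataclass

# Address objects named on the page; "Any" is modeled as 0.0.0.0/0.
OBJECTS = {
    "SSLVPNPool": ipaddress.ip_network("192.168.200.0/24"),
    "PublicIP": ipaddress.ip_network("1.1.1.3/32"),
    "Any": ipaddress.ip_network("0.0.0.0/0"),
}
WAN_PORTS = {"WAN1", "WAN2"}  # assumed list of WAN ports on the appliance


@dataclass(frozen=True)
class NatRule:
    from_if: str
    to_if: str
    orig_src: str
    orig_dst: str
    xlat_src: str
    xlat_dst: str

    def validate(self):
        # The page's NOTE: "To" must be a WAN port and cannot be Any.
        if self.to_if not in WAN_PORTS:
            raise ValueError(f"To must be a WAN port, got {self.to_if!r}")
        return self

    def matches(self, in_if, out_if, src, dst):
        return (self.from_if in ("Any", in_if)
                and self.to_if == out_if
                and ipaddress.ip_address(src) in OBJECTS[self.orig_src]
                and ipaddress.ip_address(dst) in OBJECTS[self.orig_dst])

    def translate(self, in_if, out_if, src, dst):
        """Return (src, dst) as the packet leaves; unchanged if no match."""
        if not self.matches(in_if, out_if, src, dst):
            return src, dst
        # Assumption: "Any" in a Translated field leaves the address as-is.
        pick = lambda name, cur: cur if name == "Any" else str(
            OBJECTS[name].network_address)
        return pick(self.xlat_src, src), pick(self.xlat_dst, dst)


# The advanced NAT rule from the table above.
SSLVPN_RULE = NatRule("Any", "WAN1", "SSLVPNPool", "Any",
                      "PublicIP", "Any").validate()

if __name__ == "__main__":
    # Constructed packets: one from the VPN pool, one from a LAN host.
    print(SSLVPN_RULE.translate("SSLVPN", "WAN1", "192.168.200.17", "203.0.113.10"))
    print(SSLVPN_RULE.translate("LAN", "WAN1", "192.168.75.20", "203.0.113.10"))
```

Only sources inside SSLVPNPool are rewritten to 1.1.1.3; any other traffic falls through this rule untouched and is handled by whatever other NAT rules the appliance has.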

 

 

Configuring an Advanced NAT Rule to Support NAT Hairpinning

NAT hairpinning allows hosts on the LAN side to access internal servers by using their respective external IP addresses (public IP addresses). This section provides a configuration example of how to create an advanced NAT rule to support NAT hairpinning.

STEP 1 Go to the Networking > Address Management page to create a host address object with the IP 192.168.10.100 called “FTPServer.” The FTP server is located in the LAN zone.

STEP 2 Go to the Firewall > NAT > Port Forwarding page to create a port forwarding rule as follows.

Cisco ISA500 Series Integrated Security Appliances Administration Guide

272
