30-15
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter30 Configuring Network Object NAT
Configuration Examples for Network Object NAT
Configuration Examples for Network Object NAT
This section includes the following configuration examples:
Providing Access to an Inside Web Server (Static NAT), page30-15
NAT for Inside Hosts (Dynamic NAT) and NAT for an Outside Web Server (Static NAT), page30-16
Inside Load Balancer with Multiple Mapped Addresses (Static NAT, One-to-Many), page 30-17
Single Address for FTP, HTTP, and SMTP (Static NAT-with-Port-Translation), page30-18
DNS Server on Mapped Interface, Web Server on Real Interface (Static NAT with DNS
Modification), page30-19
DNS Server and Web Server on Mapped Interface, Web Server is Translated (Static NAT with DNS
Modification), page30-21

Providing Access to an Inside Web Server (Static NAT)

The following example performs static NAT for an inside web server. The real address is on a private
network, so a public address is required. Static NAT is necessary so hosts can initiate traffic to the web
server at a fixed address. (See Figure30-1).
Figure30-1 Static NAT for an Inside Web Server
Step1 Create a network object for the internal web server:
hostname(config)# object network myWebServ
Step2 Define the web server address:
hostname(config-network-object)# host 10.1.2.27
Outside
Inside
10.1.2.1
209.165.201.1
Security
Appliance
myWebServ
10.1.2.27
209.165.201.12
10.1.2.27 209.165.201.10
248772
Undo Translation