Firewall
Configuring NAT Rules to Securely Access a Remote Network
Cisco ISA500 Series Integrated Security Appliances Administration Guide 271
6
For example, you host a HTTP server (192.168.75.20) on your LAN. Your ISP has
provided a static IP address (1.1.1.3) that you want to expose to the public as your
HTTP server address. You want to allow Internet user to access the internal HTTP
server by using the specified public IP address.
Solution: Assuming that the IP address of the WAN1 port is 1.1.1.2 and you are
assigned another public IP address 1.1.1.3. You can first create a host address
object with the IP 192.168.75.20 called “HTTPServer” and a host address object
with the IP 1.1.1.3 called “PublicIP”, and then configure an advanced NAT rule as
follows to open the HTTP server to the Internet.
Use Case: The outbound interface (To ) is set to a WAN port but the translated
source IP address (Translat ed Sourc e Addres s) is different with the public IP
address of the selected WAN port.
For example, you have provided a static IP address (1.1.1.3) . The security appliance
is set as a SSL VPN server. You want to translate the IP addresses of the SSL VPN
clients to the specified public IP address when the SSL VPN clients access the
Internet.
From WAN1
NOTE: It must be set as a WAN port and cannot be set
as Any.
To Any
Original Source
Address
Any
Original Destination
Address
PublicIP
Original Services HTTP
Translat ed Sourc e
Address
Any
Translat ed
Destination Address
HTTPServer
Translated Services HTTP