Enable a Server on the Inside Network to Reach the Internet Using a Public IP address
Use Case
Use this NAT strategy when you have a server with a private IP address that needs to be accessed from the internet and you have enough public IP addresses to NAT one public IP address to the private IP address. If you have a limited number of public IP addresses, see Make a server on the inside network available to users on a specific port of a public IP address (that solution may be more suitable).
Strategy
Your server has a static, private IP address, and users outside your network have to be able to reach your server. Create a network object NAT rule that translates the static private IP address to a static public IP address. After that, create an access policy that allows traffic from that public IP address to reach the private IP address. Finally, deploy these changes to your device.
Before you begin
Before you begin, create two network objects. Name one object servername_inside and the other object servername_outside. The servername_inside network object should contain the private IP address of your server. The servername_outside network object should contain the public IP address of your server. See Create Network Objects for instructions.
Procedure
Step 1. In the left pane, click .
Step 2. Click the Devices tab to locate the device or the Templates tab to locate the model device.
Step 3. Click the appropriate device type tab.
Step 4. Select the device you want to create the NAT rule for.
Step 5. Click NAT in the Management pane at the right.
Step 6. Click > Network Object NAT.
Step 7. In section 1, Type, select Static. Click Continue.
Step 8. In section 2, Interfaces, choose inside for the source interface and outside for the destination interface. Click Continue.
Step 9. In section 3, Packets, perform these actions:
Step 10. Skip section 4, Advanced.
Step 11. For an FDM-managed device, in section 5, Name, give the NAT rule a name.
Step 12. Click Save.
Step 13. For an ASA, deploy a Network Policy rule, or for an FDM-managed device, deploy an access control policy rule, to allow the traffic to flow from servername_inside to servername_outside.
Step 14. Review and deploy the changes you made now, or wait and deploy multiple changes at once.
Here are the entries that are created and appear in an ASA's saved configuration file as a result of this procedure.
Note: This does not apply to FDM-managed devices.
Objects created by this procedure:
object network servername_outside
 host 209.165.1.29
object network servername_inside
 host 10.1.2.29
NAT rules created by this procedure:
object network servername_inside
 nat (inside,outside) static servername_outside
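To review which inside servers a saved ASA configuration exposes through static object NAT, the entries above can be parsed and resolved to address pairs. This is an added example, not part of the original documentation. The function name, the db_inside rule and the missing db_outside object are hypothetical, and only host objects are handled.

```python
import ipaddress
import re

# Constructed sample: the page's entries plus a hypothetical db_inside rule
# whose mapped object (db_outside) is never defined.
SAMPLE_CONFIG = """\
object network servername_outside
 host 209.165.1.29
object network servername_inside
 host 10.1.2.29
object network db_inside
 host 10.1.2.40
object network servername_inside
 nat (inside,outside) static servername_outside
object network db_inside
 nat (inside,outside) static db_outside
"""

OBJ_RE = re.compile(r"^object network (\S+)\s*$")
HOST_RE = re.compile(r"^\s*host (\S+)\s*$")
NAT_RE = re.compile(r"^\s*nat \(([^,\s]+),([^)\s]+)\) static (\S+)")


def static_nat_exposures(config_text):
    """Return one dict per static object NAT rule, with resolved addresses."""
    hosts, rules, current = {}, [], None
    for line in config_text.splitlines():
        if m := OBJ_RE.match(line):
            current = m.group(1)
        elif current and (m := HOST_RE.match(line)):
            hosts[current] = ipaddress.ip_address(m.group(1))
        elif current and (m := NAT_RE.match(line)):
            rules.append((current, *m.groups()))
        elif not line.startswith(" "):
            current = None  # an unindented line ends the object block
    report = []
    for real_obj, real_if, mapped_if, mapped in rules:
        real_ip = hosts.get(real_obj)
        try:
            mapped_ip = ipaddress.ip_address(mapped)  # inline mapped address
        except ValueError:
            mapped_ip = hosts.get(mapped)  # object name; None if undefined
        issues = []
        if real_ip is None or mapped_ip is None:
            issues.append("unresolved object")
        elif mapped_ip.is_private:
            issues.append("mapped address is not public")
        report.append({"server": real_obj, "interfaces": (real_if, mapped_if),
                       "real_ip": real_ip, "mapped_ip": mapped_ip,
                       "issues": issues})
    return report
```

Each returned entry is one server reachable from the outside interface, which gives a list to compare against the access rules deployed in Step 13.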