Cisco ISA550 Administration Manual page 223
Isa500 series integrated security appliances
Hide thumbs
Also See for ISA550:
- Quick start manual (13 pages) ,
- Administration manual (16 pages) ,
- Administration manual (371 pages)
Table of Contents
Advertisement
Firewall
Configuring NAT Rules to Securely Access a Remote Network
Cisco ISA500 Series Integrated Security Appliances Administration Guide
For example, you host a HTTP server (192. 1 68.75.20) on your LAN. Your ISP has
provided a static IP address (1. 1 . 1 .3) that you want to expose to the public as your
HTTP server address. You want to allow Internet user to access the internal HTTP
server by using the specified public IP address.
Solution: Assuming that the IP address of the WAN1 port is 1. 1 . 1 .2 and you are
assigned another public IP address 1. 1 . 1 .3. You can first create a host address
object with the IP 192. 1 68.75.20 called "HTTPServer" and a host address object
with the IP 1. 1 . 1 .3 called "PublicIP", and then configure an advanced NAT rule as
follows to open the HTTP server to the Internet.
From
To
Original Source
Address
Original Destination
Address
Original Services
Translated Source
Address
Translated
Destination Address
Translated Services
Use Case: The outbound interface (To) is set to a WAN port but the translated
source IP address (Translated Source Address) is different with the public IP
address of the selected WAN port.
For example, you have provided a static IP address (1. 1 . 1 .3). The security appliance
is set as a SSL VPN server. You want to translate the IP addresses of the SSL VPN
clients to the specified public IP address when the SSL VPN clients access the
Internet.
WAN1
NOTE: It must be set as a WAN port and cannot be set
as Any.
Any
Any
PublicIP
HTTP
Any
HTTPServer
HTTP
6
223
Hide quick links:
Advertisement
Table of Contents
