NAT to local IP
One of the most common tasks is to configure a router to deliver trafic from the outside Internet to the inside LAN. How is that done on a PIX or ASA?
1.
Add the basic NAT rule that makes NAT from the outside works.
static (inside,outside) tcp interface 3389 192.168.0.10 3389 255.255.255.255 0 0
In this example Remote Desktop (port 3389) is NAT’ed to 192.168.0.10
If you want to use a different port from the outside just change the line to
static (inside, outside) tcp interface 3390 192.168.0.10 3389 255.255.255.255 0 0
port 3390 is delivered to 192.168.0.10:3389
2.
Now add an access rule that describes who has access. If everyone should have access use this line
access-list allow_inbound permit tcp any interface outside eq 3389
3.
Finally, activate the new access-list to the outside interface.Â
access-group allow_inbound in interface outside
clear xlate