Configure NAT in Cisco ASAv to publish internal server to Internet

Steps to configure NAT in Cisco ASAv to publish internal server to Internet

  • ubuntu server – 10.10.8.10/24
  • Public IP Address – 121.121.43.52
  1. Create an object for the ubuntu server
object network ubuntu_ssh
    host 10.10.8.10
  2. Create an object group for TCP & UDP Ports
object-group service ubuntu_service tcp
    port-object eq 22
    port-object eq 443
  3. Create Network Address Translation (NAT)
object network ubuntu_ssh
    nat (inside,outside) static 10.10.10.253 service tcp ssh ssh
  4. Create a Firewall Rule (outside_access_in) to allow SSH from the Internet
access-list outside_access_in extended permit tcp any object ubuntu_ssh object-group ubuntu_service
  5. Apply the Firewall Rule to the outside interface
access-group outside_access_in in interface outside

We should now be able to SSH to the ubuntu server from the Internet:

ssh kwyong@121.121.43.52
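
An added example, not part of the original post: a small Python check over the configuration from the steps above (embedded as a constructed sample) that compares the TCP ports the ACL permits with the ports the static NAT actually translates. The function names and the port-name table are assumptions of this example, and it parses only the statement forms used in these steps.

```python
import re

# Constructed sample: the configuration from the steps above, as one text blob.
CONFIG = """\
object network ubuntu_ssh
 host 10.10.8.10
object-group service ubuntu_service tcp
 port-object eq 22
 port-object eq 443
object network ubuntu_ssh
 nat (inside,outside) static 10.10.10.253 service tcp ssh ssh
access-list outside_access_in extended permit tcp any object ubuntu_ssh object-group ubuntu_service
access-group outside_access_in in interface outside
"""

# Only the port names this example needs (assumption: extend for other configs).
PORT_NAMES = {"ssh": 22, "https": 443, "www": 80}

def port(tok):
    """Turn an ASA port token (number or keyword) into an integer."""
    return int(tok) if tok.isdigit() else PORT_NAMES[tok]

def audit(config):
    """Return findings: 'any' sources and ACL-permitted ports with no static NAT."""
    groups, nat_ports, findings = {}, {}, []
    ctx = None  # (kind, name) of the enclosing object or object-group
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"object network (\S+)", line):
            ctx = ("obj", m[1])
        elif m := re.match(r"object-group service (\S+) tcp", line):
            ctx = ("grp", m[1])
            groups[m[1]] = set()
        elif (m := re.match(r"port-object eq (\S+)", line)) and ctx and ctx[0] == "grp":
            groups[ctx[1]].add(port(m[1]))
        elif (m := re.match(r"nat \(\S+\) static \S+ service tcp (\S+) \S+", line)) and ctx and ctx[0] == "obj":
            nat_ports.setdefault(ctx[1], set()).add(port(m[1]))  # real (inside) port
        elif m := re.match(r"access-list (\S+) extended permit tcp (\S+) object (\S+) object-group (\S+)", line):
            acl, src, obj, grp = m.groups()
            if src == "any":
                findings.append(f"{acl}: source is 'any' for {obj}")
            # Ports the ACL opens that no static NAT on the object translates.
            for p in sorted(groups.get(grp, set()) - nat_ports.get(obj, set())):
                findings.append(f"{acl}: tcp/{p} permitted to {obj} but not translated")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

On this configuration it reports that the rule's source is `any` and that tcp/443 is permitted by the ACL although the NAT statement translates only SSH.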
