Cisco ASA 5500 Series Configuration Guide using ASDM, 6.3
Configuring Public Servers

This section describes how to configure public servers, and includes the following topics:

Public Server Overview

Adding a Public Server

Editing a Public Server

Public Server Overview

While the basic functions of a firewall are to protect inside networks from unauthorized access by users on an outside network or to protect inside networks from each other, these functions involve multiple configurations. These configurations include configuring inside DMZ interfaces, creating access rules, creating NAT or PAT rules, and configuring application inspection.

ASDM provides the Configuration > Firewall > Public Servers pane so that an administrator can enable various application servers to be accessed by internal and external users. When selected, this pane displays a list of public servers, their internal and external addresses, the interfaces to which the internal or external addresses apply, the ability to translate the addresses, and the service that is exposed.

In this pane you can add, edit, delete, or modify existing public servers.

Fields

Add—Adds a public server.

Edit—Edits a public server group.

Delete—Deletes a specified public server.

Apply—Applies the changes that have been made.

Reset—Resets the security appliance to the previous configuration.

Adding a Public Server

You can add a public server that enables static NAT and creates a fixed translation of a real address to a mapped address, or you can add a public server that enables static NAT with port address translation and lets you specify a real and mapped protocol (TCP or UDP) and port.

Adding a Public Server that Enables Static NAT

Adding a Public Server that Enables Static NAT with Port Address Translation

Adding a Public Server that Enables Static NAT

To add a public server that creates a fixed translation of a real address to a mapped address, perform the following steps:


Step 1 In the Configuration > Firewall > Public Servers pane, click Add to add a new server.

The Add Public Server dialog box appears.

Step 2 From the Private Interface drop-down menu, select the name of the private interface to which the real server is connected.

Step 3 In the Private IP address field, enter the real IP address of the server (IPv4 only).

Step 4 In the Private Service field, click Browse ... to display the Browse Service dialog box, choose the actual service that is exposed to the outside, and click OK.

Optionally, from the Browse Service dialog box you can click Add to create a new service or service group. Multiple services from various ports can be opened to the outside. For more information about service objects and service groups, see the "Configuring Service Objects and Service Groups" section.

Step 5 From the Public Interface drop-down menu, select the interface through which users from the outside can access the real server.

Step 6 In the Public Address field, enter the mapped IP address of the server, which is the address that is seen by the outside user.

Step 7 (Optional) To enable static PAT, check the Specify if Public Service is different from private service check box.

Step 8 Click OK. The configuration appears in the main pane.

Step 9 Click Apply to generate static NAT and a corresponding access rule for the traffic flow and to save the configuration.

For information about static NAT, see the "Information About Static NAT" section.


Adding a Public Server that Enables Static NAT with Port Address Translation

To add a public server that lets you specify a real and mapped protocol (TCP or UDP) to a port, perform the following steps:


Step 1 In the Configuration > Firewall > Public Servers pane, click Add to add a new server.

The Add Public Server dialog box appears.

Step 2 From the Private Interface drop-down menu, select the name of the private interface to which the real server is connected.

Step 3 In the Private IP address field, enter the real IP address of the server (IPv4 only).

Step 4 In the Private Service field, click Browse ... to display the Browse Service dialog box, choose the actual service that is exposed to the outside, and click OK.

Optionally, from the Browse Service dialog box you can click Add to create a new service or service group. Multiple services from various ports can be opened to the outside. For more information about service objects and service groups, see the "Configuring Service Objects and Service Groups" section.

Step 5 From the Public Interface drop-down menu, select the interface through which users from the outside can access the real server.

Step 6 In the Public Address field, enter the mapped IP address of the server, which is the address that is seen by the outside user.

Step 7 Check the Specify Public Service if different from Private Service check box to enable static PAT.

Step 8 In the Public Service field, enter the mapped protocol (TCP or UDP only) or click Browse ... to select a protocol from the list.

Step 9 Click OK.

Step 10 Click Apply to generate static NAT with port address translation and a corresponding access rule for the traffic flow and to save the configuration.

For information about static NAT with port address translation, see the "Information About Static NAT with Port Translation" section.
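Both procedures above end with Apply generating a static translation and an access rule, so it is worth reviewing what was actually exposed afterwards. The following added example (not Cisco code and not output from a real device) parses a constructed configuration excerpt and flags access rules that are broader than the published service. It assumes the running configuration uses the object network / nat ... static form of ASA 8.3 and later, with access rules that reference the real address and port; the object names, addresses and the parse and audit function names are hypothetical.

```python
import re

# Constructed sample (made-up names/addresses); assumes ACLs reference the real address and port.
SAMPLE_CONFIG = """\
object network web-dmz
 host 10.1.1.10
 nat (dmz,outside) static 203.0.113.10
object network mail-dmz
 host 10.1.1.25
 nat (dmz,outside) static 203.0.113.25 service tcp smtp 2525
access-list outside_access_in extended permit tcp any host 10.1.1.10 eq www
access-list outside_access_in extended permit ip any host 10.1.1.25
"""

NAT_RE = re.compile(r"nat \((\S+?),(\S+?)\) static (\S+)(?: service (tcp|udp) (\S+) (\S+))?")
ACL_RE = re.compile(r"access-list \S+ extended permit (\S+) any host (\S+)(?: eq (\S+))?")

def parse(config):
    """Collect network objects (with any static NAT rule) and inbound host permits."""
    objects, permits, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("object network "):
            current = objects.setdefault(line.split()[2], {"real_ip": None, "nat": None})
        elif raw.startswith(" ") and current is not None:
            if line.startswith("host "):
                current["real_ip"] = line.split()[1]
            elif m := NAT_RE.match(line):
                current["nat"] = m.groups()
        else:
            current = None  # left the object sub-mode
            if m := ACL_RE.match(line):
                permits.append(m.groups())
    return objects, permits

def audit(config):
    """Report each statically translated server and flag permits broader than its service."""
    objects, permits = parse(config)
    report = []
    for name, obj in objects.items():
        if not obj["nat"]:
            continue
        _, _, mapped_ip, proto, real_port, _ = obj["nat"]
        warnings = []
        for acl_proto, dst, port in (p for p in permits if p[1] == obj["real_ip"]):
            if port is None or (proto and (acl_proto, port) != (proto, real_port)):
                warnings.append(f"permit {acl_proto}/{port or 'any'} to {dst} is not limited to the published service")
        kind = "static PAT" if proto else "static NAT"
        report.append({"name": name, "kind": kind, "public": mapped_ip, "warnings": warnings})
    return report
```

With plain static NAT every port on the real host is translated, so the access rule is the only thing limiting exposure; a permit without a port restriction there deserves the closest look.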


Editing a Public Server

To edit a public server, perform the following steps:


Step 1 In the Configuration > Firewall > Public Servers pane, click Edit to edit an object, or choose an existing public server, and click Edit.

The Edit Public Server dialog box appears.

Step 2 Make any necessary changes to the following values:

Private Interface—The interface to which the real server is connected.

Private IP Address—The real IP address of the server.

Private Service—The actual service that is running on the real server.

Public Interface—The interface through which outside users can access the real server.

Public Address—The IP address that is seen by outside users.

Public Service—The service that is running on the translated address.

Step 3 Click OK.