AutoNAT suits best if the ASA external IP changes frequently (DHCP).ĪutoNAT configuration for the LAN subnet is done by creating a network object representing each LAN subnet. Network Address Translation makes the addresses so that they look like the ASA's outside interface IP address. Network Address Translation is needed because these internal hosts use private IP addresses which are not routable on the Internet. In this lab, the AutoNAT feature of ASA 5506-X firewall is used to configure the NAT rules that allow the hosts on the LAN segments to connect to the Internet. Configure NAT to allow LAN users to access the INTERNET An access-list, named OUTSIDE, will be configured to allow incoming echo-reply and unreachable ICMP repliesĥ.Configure the required access-lists on the internet facing interface to allow incoming trafic to the DMZ webserverĦ.Test HTTP connectivity from the Public laptop to the DMZ webserver ()
Configure ICMP rules to allow laptop1 to ping 148.12.56.1 internet router and any internet resource. Configure inbound NAT rule to allow access to the 172.16.1.10 DMZ webserver from the Internet with 148.12.56.68 public IP address.Ĥ. Configure NAT to allow DMZ servers to access the INTERNETģ. Configure NAT to allow LAN users to access the INTERNETĢ.
0 kommentar(er)
