Version vom 11. Februar 2016, 12:00 Uhr

Maskieren auf ausgehende Interface (Regular Dynamic PAT)

ciscoasa(config)# object network obj-bastion
ciscoasa(config-network-object)# host 172.18.122.101
ciscoasa(config-network-object)# nat (if-inside,if-outside) static interface tcp www www

ciscoasa(config)# access-list acl-outside extended permit tcp any object obj-bastion eq www
ciscoasa(config)# access-group acl-outside in interface if-outside

ciscoasa(config-network-object)# nat (if-inside,if-outside) static interface tcp 22 8472
ciscoasa(config)# access-list acl-outside extended permit tcp any object obj-bastion eq 22

@@ Zeile 11: / Zeile 11: @@
 ==ACL zum Portforwarding auf internen Webserver==
-*ciscoasa(config)# access-list acl-outside extended permit tcp any object obj-www eq www
+*ciscoasa(config)# access-list acl-outside extended permit tcp any object obj-bastion eq www
 *ciscoasa(config)# access-group acl-outside in interface if-outside
 ==Portforwarding auf Port 8472 zu Port 22 internen ==
 *ciscoasa(config-network-object)# nat (if-inside,if-outside) static interface tcp 22 8472
-*ciscoasa(config)# access-list acl-outside extended permit tcp any object obj-www eq 22
+*ciscoasa(config)# access-list acl-outside extended permit tcp any object obj-bastion eq 22