Using Firewall Builder To Configure Cisco ASA & PIX - Page 3

Submitted by mikehorn (Contact Author) (Forums) on Wed, 2011-02-16 17:23. ::

Getting Started: Configuring Cisco ASA & PIX

Reminder - In this tutorial we are configuring a Cisco ASA 5505 firewall that has the following interface configuration.

 

Step 4: Configure NAT Rules

Now that we have configured the Access Lists, the next step is to configure the NAT rules. Here are the NAT rules that we need to create:

  • Source NAT all inside traffic (10.0.0.0/24) passing through the firewall to any Internet address, changing the source IP to the IP address of the outside interface (Ethernet0/0).
  • Destination NAT traffic from the external SMTP relay server (198.51.100.25) arriving at the outside interface with a TCP destination port of 25 (SMTP), forwarding it to the internal Email Server (10.0.0.25).

To open the NAT rules for editing, double-click on the "NAT" object located under the asa-1 firewall object in the tree. To add a new rule to the Policy, click on the green icon at the top left of the main window.

To create the first NAT rule, drag-and-drop the Internal Network object from the tree to the Original Src column of the NAT rule. Next, drag-and-drop the firewall object's outside interface (Ethernet0/0) to the Translated Src column of the rule.

That's it. You should now have a NAT rule that looks like:

Right-click on the NAT rule you just created and select Add New Rule Below. The next NAT rule should translate traffic coming from the external SMTP Relay server to the internal Email Server. Follow the steps below to create the NAT rule.

  • Drag-and-drop the SMTP Relay object from the object tree to the Original Src column of the new NAT rule.
  • Drag-and-drop the Ethernet0/0 interface object from the asa-1 firewall object to the Original Src of the rule.
  • Switch to the Standard library and filter for the smtp object. Drag-and-drop it to the Service column of the rule.
  • Clear the filter and switch back to the User library and drag-and-drop the Email Server object from the object tree to the Translated Dst column of the rule.

You should now have two NAT rules that look like:

In the next section we will go through the process of compiling and installing the Access List and NAT rules on the firewall.
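
Before compiling, it helps to check the intent of the two NAT rules against a few test packets. The sketch below is an added example, not output from Firewall Builder or part of the original tutorial. It models the rules as first-match entries, following the rule descriptions at the start of this step (the outside interface is the original destination of the SMTP rule). The outside address 192.0.2.1, the rule names and the test packets are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

OUTSIDE_IP = "192.0.2.1"   # ASSUMED Ethernet0/0 address; the page does not state it

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0

@dataclass(frozen=True)
class NatRule:
    name: str                            # hypothetical label, not a Firewall Builder field
    orig_src: str = "0.0.0.0/0"          # "Any" in the GUI
    orig_dst: str = "0.0.0.0/0"
    service: Optional[tuple] = None      # (proto, dport); None means Any
    trans_src: Optional[str] = None
    trans_dst: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.orig_src)
                and ip_address(p.dst) in ip_network(self.orig_dst)
                and self.service in (None, (p.proto, p.dport)))

# The two rules from this step, in the order they appear in the NAT rule set.
RULES = [
    NatRule("snat-inside", orig_src="10.0.0.0/24", trans_src=OUTSIDE_IP),
    NatRule("dnat-smtp", orig_src="198.51.100.25/32", orig_dst=OUTSIDE_IP + "/32",
            service=("tcp", 25), trans_dst="10.0.0.25"),
]

def translate(p: Packet):
    """Return (rule name, translated packet) for the first match, else (None, p)."""
    for r in RULES:
        if r.matches(p):
            return r.name, replace(p, src=r.trans_src or p.src, dst=r.trans_dst or p.dst)
    return None, p

if __name__ == "__main__":
    # Constructed test packets: one per rule, plus two that must NOT be translated.
    for pkt in (Packet("10.0.0.57", "203.0.113.80", "tcp", 443),
                Packet("198.51.100.25", OUTSIDE_IP, "tcp", 25),
                Packet("203.0.113.9", OUTSIDE_IP, "tcp", 25),
                Packet("198.51.100.25", OUTSIDE_IP, "tcp", 22)):
        print(pkt, "->", translate(pkt))
```

The last two packets matter most for review: SMTP from a host other than the relay, and a non-SMTP port from the relay, must both fall through without translation.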

