1-6
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring AAA Rules for Network Access
Configuring Authentication for Network Access
nat (inside,outside) static 10.48.66.155 service tcp 111 889
Then users do not see the authentication page. Instead, the ASA sends an error message to the web
browser indicating that the user must be authenticated before using the requested service.
When a mapped address is used for static PAT, it is automatically placed into the dynamic PAT pool.
For instance, this configuration,
object network my-ftp-server
host <real-server>
nat (inside,outside) static <mapped-server> ftp ftp
is equivalent to
object network my-ftp-server
host <real-server>
nat (inside,outside) static <mapped-server> ftp ftp
object network <internal>
nat (inside,outside) dynamic <mapped-server>
The second line ensures that all PAT bindings are accounted for.This accounting is necessary to avoid
connection failure from port collision.
As the the mapped address is placed under dynamic PAT, any additional service that is to be accessed
through the mapped address, must also be explicitly configured.
For example, the following is the correct configuration for three services through address 192.150.49.10.
Additionally, the SMTP and HTTP services also reside at a host with the same address as the mapped
address, 192.150.49.10.
object network my-ftp-server
host <real-server>
nat (inside,outside) static <mapped-server> ftp ftp
object network my-ftp-server
host "192.150.49.10"
nat (inside,outside) static 192.150.49.10 smtp smtp
object network my-ftp-server
host "192.150.49.10"
nat (inside,outside) static 192.150.49.10 http http
To Next Page
Loading...
Need help?
General
