In this section, we are going to a take a look at both static and dynamic NAT, exploring their purpose and configurations.
Advanced NAT configurations
Static NAT
Static NAT is generally used to provide access from the Outside zone, such as the internet, to a server on the DMZ of your corporate network.
Let's observe the following topology, there's one server on the DMZ, assuming its IP address is 172.16.1.50, however, users on the internet would require access to the server and the FTP service:
To configure static NAT on the ASA using the CLI, the following steps will guide us through the process:
- Create a network object, add the server as an object, and create the NAT rule:
ASA-1(config)# object network DMZ...