Configure NAT rules with Cisco ASA 8.3(2)
Cisco made significant changes to NAT from ASA version 8.3 and above. These changes have made it possible to test IPSEC tunnel connectivity into the Blue Coat Cloud Service without any interruption to current production traffic. These changes also allow a seamless transition from testing to fully deploying production traffic through the Blue Coat Cloud Service.
The steps below were completed using ASDM 6.4(9) which is the current version recommended by Cisco
First a NAT rule needs to be created:
The properties of the rule need to be defined:
1 – select inside interface (this is generally set to the interface that will see incoming traffic from the host/subnet)
Create a second rule that includes HTTPS as the service. The summary of the two rules will look as follows:
These added NAT rules exempt HTTP and HTTPS from workstation1 from being NAT'ed but all other protocols from workstation1 will be NAT'ed by rule 3.
The config output of these rules for the above example is:
object network workstation1
nat (inside,outside) source static workstation1 workstation1 service HTTP HTTP unidirectional
nat (inside,outside) source static workstation1 workstation1 service HTTPS HTTPS unidirectional
Rate this Page
Please take a moment to complete this form to help us better serve you.