Set up the object
object network obj-172.20.50.50
 host 172.20.50.50
Set up the static NAT
object network obj-172.20.50.50
 nat (INSIDE,OUTSIDE) static 200.100.200.300
Set up the group of hosts who are allowed access (you can use any if you want the internet to have access, but I want to restrict)
object-group network MYWEBAPP_HOSTS_ALLOWED_IN
 network-object host 80.70.60.50
 network-object host 90.100.200.50
 network-object host 100.123.123.123
Set up the group of ports you want to allow access
object-group service PORTS_80_AND_443 tcp-udp
 port-object eq 80
 port-object eq 443
Add an entry to the outside access-list
access-list OUTSIDE_IN extended permit tcp object-group MYWEBAPP_HOSTS_ALLOWED_IN host 172.20.50.50 object-group PORTS_80_AND_443
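An offline check of what the access-list above actually permits, as an added example that is not part of the original post. The function names parse and allowed are hypothetical, the parser handles only the syntax subset used here, and the ACL destination is assumed to be written with the host keyword.

```python
import ipaddress
import re

# Object-groups and ACL entry from the steps above (destination written with `host`).
CONFIG = """\
object-group network MYWEBAPP_HOSTS_ALLOWED_IN
 network-object host 80.70.60.50
 network-object host 90.100.200.50
 network-object host 100.123.123.123
object-group service PORTS_80_AND_443 tcp-udp
 port-object eq 80
 port-object eq 443
access-list OUTSIDE_IN extended permit tcp object-group MYWEBAPP_HOSTS_ALLOWED_IN host 172.20.50.50 object-group PORTS_80_AND_443
"""

ACE = re.compile(r"access-list (\S+) extended permit (\S+) object-group (\S+) "
                 r"host (\S+) object-group (\S+)$")

def parse(config):
    """Return (network groups, port groups, ACL entries) for the syntax used above."""
    nets, ports, acl, current = {}, {}, [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["object-group"]:
            current = (nets if w[1] == "network" else ports).setdefault(w[2], [])
        elif w[:2] == ["network-object", "host"]:
            current.append(ipaddress.ip_address(w[2]))
        elif w[:2] == ["port-object", "eq"]:
            current.append(int(w[2]))
        elif m := ACE.match(line.strip()):
            acl.append(m.groups())
    return nets, ports, acl

def allowed(config, acl_name, proto, src, dst, port):
    """True if an entry in acl_name permits the flow; dst is the real (inside) IP."""
    nets, ports, acl = parse(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, ace_proto, src_grp, host, port_grp in acl:
        if (name == acl_name and ace_proto == proto
                and src in nets.get(src_grp, [])
                and dst == ipaddress.ip_address(host)
                and port in ports.get(port_grp, [])):
            return True
    return False  # implicit deny at the end of every ASA access-list
```

The service group is declared tcp-udp, but the entry says permit tcp, so UDP to ports 80 and 443 still falls through to the implicit deny.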