ASA Config Notes

Owned by Jermaine Alls
Last updated: Mar 22, 2019
Sources: 
http://www.petenetlive.com/KB/Article/0000691
http://www.petenetlive.com/KB/Article/0001035
https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/nat_objects.html
External Object
object network ip-5.2.2.1-label
host 5.2.2.1
Internal Object with 1:1 NAT Mapping
object network ip-10.10.10.2
host 10.10.10.2
nat (inside,outside) static ip-5.2.2.1-label
Internal Object with Port Forwarding
object network ip-10.10.10.2
host 10.10.10.2
nat (inside,outside) static ip-5.2.2.1-label service tcp 8080 80
* Internal port then External port *
Permit Traffic
access-list inbound permit tcp any host 10.10.10.2
access-group inbound in interface outside
* See Sources #2 *
For blocks of IPs that are not assigned to an interface you need the following:
arp permit-nonconnected
object network <object name>
 host <ip address of host>
 nat (lan_colo,outside) static interface service tcp <server port> <externally facing port> 
access-list <rule name> extended permit tcp any object <object name> eq 3389 
access-group <rule name> in interface <name if (outside)>