Public Server vs. using NAT for STUN / TURN servers

[sidwick30]

I need to setup access to a STUN & TURN server. Due to the number of ports needed and what a stun / turn server does, I’m trying to determine if I should use the Public Server feature in the ASA 5525 ver. 9.1. I have the documentation from cisco of how to setup a public server and one still creates NAT & ACL rules…. So how is that different than just creating the objects for the servers & setting up standard NAT & ACL rules? Looking for references as well that can give different scenarios of when to us a public server.
Thanks

 

[ADB100]

I assume you are referring to the 'Public Servers' bit in the ASDM GUI? This is sort of a 'macro' and automates the manual process of creating ACL's and NAT rules so its no different from what you describe. If you do create entries in the public server part of the ASDM GUI rules will still get created in the NAT and Access rules screens.

Andy

 

[burtsbees]

My advice---I do everything manually, unless I'm the one that created the macro...since I troubleshoot my own networks, I want to know exactly how everything is configured, from A to Z

--Tim

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY