https://community.cisco.com/t5/network-security/asa-nat-configration/m-p/3677340#M13161 <P>Im a bit confused,&nbsp;</P> <P>&nbsp;</P> <P>I have DMZ Server that need access from a company for remote access, but they need to access many ports, i.e SSH. HTTPS, SSDP and FTP.</P> <P>&nbsp;</P> <P>Object NAT works for one port and one object, but I don't want to have to create many objects for the same DMZ Server IP address,</P> <P>I have tried Twice Nat with the same configuration as the object but Twice NAT doesn't work,</P> <P>&nbsp;</P> <P><STRONG>nat (inside,Outside) source static&nbsp;DMZServer interface service https https</STRONG><BR /><STRONG>!</STRONG><BR /><STRONG>object network DMZServer</STRONG><BR /><STRONG> nat (inside,Outside) static interface service tcp https https</STRONG></P> <P>&nbsp;</P> <P>the firewall blocks the connection for the twice nat. how can i get a working nat so i can list many ports required and use the same object.</P> <P>&nbsp;</P> Fri, 21 Feb 2020 16:02:01 GMT broadleon 2020-02-21T16:02:01Z https://community.cisco.com/t5/network-security/asa-nat-configration/m-p/3677340#M13161 <P>Im a bit confused,&nbsp;</P> <P>&nbsp;</P> <P>I have DMZ Server that need access from a company for remote access, but they need to access many ports, i.e SSH. HTTPS, SSDP and FTP.</P> <P>&nbsp;</P> <P>Object NAT works for one port and one object, but I don't want to have to create many objects for the same DMZ Server IP address,</P> <P>I have tried Twice Nat with the same configuration as the object but Twice NAT doesn't work,</P> <P>&nbsp;</P> <P><STRONG>nat (inside,Outside) source static&nbsp;DMZServer interface service https https</STRONG><BR /><STRONG>!</STRONG><BR /><STRONG>object network DMZServer</STRONG><BR /><STRONG> nat (inside,Outside) static interface service tcp https https</STRONG></P> <P>&nbsp;</P> <P>the firewall blocks the connection for the twice nat. how can i get a working nat so i can list many ports required and use the same object.</P> <P>&nbsp;</P> Fri, 21 Feb 2020 16:02:01 GMT https://community.cisco.com/t5/network-security/asa-nat-configration/m-p/3677340#M13161 broadleon 2020-02-21T16:02:01Z https://community.cisco.com/t5/network-security/asa-nat-configration/m-p/3677414#M13162 <P>object NAT dmz to outside (bidirectional) any (dont use ports) and let the outside interface ACL permit the ports.</P> <P>&nbsp;</P> <P>remember to do a no nat from inside to dmz so you can actually access the server still for management&nbsp;</P> Mon, 30 Jul 2018 13:12:42 GMT https://community.cisco.com/t5/network-security/asa-nat-configration/m-p/3677414#M13162 Dennis Mink 2018-07-30T13:12:42Z https://community.cisco.com/t5/network-security/asa-nat-configration/m-p/3677598#M13163 <P>I found that removing the service ports makes the nat statement work as you suggested, but why doesn't work when you add the service ports ?</P> <P>&nbsp;</P> <P>Any way to add the service ports in the nat ? Ive done this before but can't seam to work it out now, wondering if migrating to 9 to 9.2(4) has made any changes to the may nat works ?</P> Mon, 30 Jul 2018 16:13:36 GMT https://community.cisco.com/t5/network-security/asa-nat-configration/m-p/3677598#M13163 broadleon 2018-07-30T16:13:36Z