https://community.cisco.com/t5/network-security/nat-and-acl-clarification/m-p/3076486#M145159 <P>Hello, I have&nbsp;a small &nbsp;quick question on ASA&nbsp;</P> <P></P> <P>Object-group test</P> <P>&nbsp;host 10.10.10.10</P> <P>&nbsp;nat (inside,outside) static 1.1.1.1 service tcp 1683 1683</P> <P></P> <P>and if I have a ACL entry from outside in into inside as below, will protocol 80 will work? or just only 1683</P> <P></P> <P>permit ip any host 10.10.10.10 service eq 1683</P> <P>permit ip any host 10.10.10.10 service eq 80</P> <P></P> <P>Thanks in advance,&nbsp;</P> <P></P> <P></P> Tue, 12 Mar 2019 09:10:54 GMT Anthonize Rajaratne 2019-03-12T09:10:54Z https://community.cisco.com/t5/network-security/nat-and-acl-clarification/m-p/3076486#M145159 <P>Hello, I have&nbsp;a small &nbsp;quick question on ASA&nbsp;</P> <P></P> <P>Object-group test</P> <P>&nbsp;host 10.10.10.10</P> <P>&nbsp;nat (inside,outside) static 1.1.1.1 service tcp 1683 1683</P> <P></P> <P>and if I have a ACL entry from outside in into inside as below, will protocol 80 will work? or just only 1683</P> <P></P> <P>permit ip any host 10.10.10.10 service eq 1683</P> <P>permit ip any host 10.10.10.10 service eq 80</P> <P></P> <P>Thanks in advance,&nbsp;</P> <P></P> <P></P> Tue, 12 Mar 2019 09:10:54 GMT https://community.cisco.com/t5/network-security/nat-and-acl-clarification/m-p/3076486#M145159 Anthonize Rajaratne 2019-03-12T09:10:54Z https://community.cisco.com/t5/network-security/nat-and-acl-clarification/m-p/3076487#M145160 <P>It will only allow the port you have specified in the NAT statement so no it won't work assuming you have no other NAT statements for that host.</P> <P>If you want to allow other ports you need further NAT statements.</P> <P>Jon</P> Wed, 05 Apr 2017 18:27:54 GMT https://community.cisco.com/t5/network-security/nat-and-acl-clarification/m-p/3076487#M145160 Jon Marshall 2017-04-05T18:27:54Z