cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


62
Views
0
Helpful
1
Replies
Highlighted

NAT and ACL clarification.

Hello, I have a small  quick question on ASA 

Object-group test

 host 10.10.10.10

 nat (inside,outside) static 1.1.1.1 service tcp 1683 1683

and if I have a ACL entry from outside in into inside as below, will protocol 80 will work? or just only 1683

permit ip any host 10.10.10.10 service eq 1683

permit ip any host 10.10.10.10 service eq 80

Thanks in advance, 

1 REPLY 1
Hall of Fame Guru

It will only allow the port

It will only allow the port you have specified in the NAT statement so no it won't work assuming you have no other NAT statements for that host.

If you want to allow other ports you need further NAT statements.

Jon