Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
505
Views
0
Helpful
1
Replies

NAT and ACL clarification.

Anthonize Rajaratne
Level 1
Level 1

‎04-05-2017 11:00 AM - edited ‎03-12-2019 02:10 AM

Hello, I have a small  quick question on ASA 

Object-group test

 host 10.10.10.10

 nat (inside,outside) static 1.1.1.1 service tcp 1683 1683

and if I have a ACL entry from outside in into inside as below, will protocol 80 will work? or just only 1683

permit ip any host 10.10.10.10 service eq 1683

permit ip any host 10.10.10.10 service eq 80

Thanks in advance, 

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎04-05-2017 11:27 AM

It will only allow the port you have specified in the NAT statement so no it won't work assuming you have no other NAT statements for that host.

If you want to allow other ports you need further NAT statements.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card