Cisco Firewalls Community
Source Port for PAT NATs? - ASA 5520

Hi Guys

This is probably a simple question with a simple answer

I have servers in my private network that need to communicate with servers in my DMZ on port 1080.

I have created a static NAT rule and then edited the rule as part of a lockdown so that the source IP and the Translated port are both 1080.

However, when setting this up and checking ASA logs I am seeing that it is complaining of "No translation group found for" and that the source port is a random number.

This makes sense as the incoming source is bound to be a random number, but it is the destination that is important. However, in the ASA (using ASDM) I am unable to specify port ranges or 'any' port.

What is the best action to take in this case?

Your help is much appreciated.

Kind Regards

Mohamed

1 REPLY
Contributor


You need a service object which has both source and destination ports. Source could be range 0-65535.

But NAT rules are not the right place to add port conditions. Just add a NAT rule covering all ports. Access lists should filter the traffic by port.

Anyway, the best practice is adding an identity NAT / no NAT rule for all private (RFC1918) address ranges globally.
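The approach the reply describes, written out as an added configuration example (this is not configuration posted by either participant). It assumes ASA 8.3 or later NAT syntax, which the 5520 supports, and the object names, interface names and address ranges are illustrative placeholders: the NAT rule carries no service at all, so it matches every source and destination port, and the restriction to TCP/1080 lives in the interface ACL, where the random ephemeral source port is simply not checked. The closing RFC1918 rule is the global identity NAT the reply recommends.

```cisco
! Added example, not from the original thread. Names and addresses are assumed.
object network INSIDE-SERVERS
 subnet 10.1.1.0 255.255.255.0
object network DMZ-SERVERS
 subnet 192.168.10.0 255.255.255.0
!
! Identity (no-NAT) rule between the inside servers and the DMZ servers.
! Real and mapped objects are the same on both sides and no "service"
! keyword is given, so the rule matches all ports; the source port being
! random is therefore irrelevant to translation.
nat (inside,dmz) source static INSIDE-SERVERS INSIDE-SERVERS destination static DMZ-SERVERS DMZ-SERVERS
!
! Port filtering belongs in the ACL, not in the NAT rule. Only TCP/1080
! from the inside servers to the DMZ servers is permitted; the source port
! is left unrestricted. Assumes a dedicated ACL on the inside interface.
access-list INSIDE_TO_DMZ extended permit tcp object INSIDE-SERVERS object DMZ-SERVERS eq 1080
access-list INSIDE_TO_DMZ extended deny ip any any log
access-group INSIDE_TO_DMZ in interface inside
!
! Broader variant per the reply's last point: a single identity NAT for all
! RFC1918 ranges between any pair of interfaces, so private-to-private
! traffic is never translated regardless of port.
object-group network RFC1918
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
nat (any,any) source static RFC1918 RFC1918 destination static RFC1918 RFC1918
```

To confirm the rule is hit before trusting the logs, run `packet-tracer input inside tcp 10.1.1.10 40000 192.168.10.20 1080` (a random high source port, as the real traffic will have) and check that the NAT phase selects the identity rule and the ACCESS-LIST phase permits; `show nat` then shows the translate_hits counter incrementing on that rule. If the RFC1918 rule is added, remove the narrower inside-to-DMZ identity rule or keep it above the broad one; manual NAT rules are evaluated in order, so overlapping rules should be placed deliberately.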
