Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
814
Views
0
Helpful
1
Replies

ASA Policy NAT question

thomasdzubin
Level 1
Level 1

‎11-12-2010 10:43 AM - edited ‎03-11-2019 12:08 PM

Can this be done?

I have an internal web server behind an ASA 5510 w. 8.2 firmware

I can do the regular outside to inside NATting just fine but now a new requirement has come up that when the port 80 connect comes in from a specific subnet out on the Internet, it needs to be redirected to port 8080 of the inside host.  All other subnets continue to have the regular NAT

Is this something that can be done with policy NAT?

I can create an access list

  access-list BADGUYS permit tcp 128.233.0.0 255.255.0.0 host 123.45.67.89 eq 80

which defines the rule that matches BADGUYS

and my regular NAT rule

   static (inside,outside) tcp interface 80 192.168.1.99 80 netmask 255.255.255.255

which works just fine

but how do I get the policy NAT statement to redirect to port 8080 when access-list BADGUYS is matched?

Labels:
0 Helpful
1 Reply 1

Kureli Sankar
Cisco Employee
Cisco Employee

‎11-12-2010 12:38 PM

Nope can't do with 8.2. due to this

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCso79009

I belive you can do this with 8.3 nat though.

-KS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card