Solved: Cisco ASA 5515 8.6 Simple Nat Issue

mfitzgerald1 · ‎08-26-2013

Recently I upgraded several appliances from the old Pix 501 to 5515. I am struggling trying to simply set up a static route.

On the old routers I would enter the command as such

access-list outside_access_in extended permit tcp any host 8.8.8.8 eq 3391

static (inside,outside) tcp interface 3392 10.0.0.52 3391 netmask 255.255.255.255

Boom done!

On 8.4 I thought:

object network Remotepc3391

host 10.0.0.52

object-group service remote3391 tcp

port-object eq 3391

access-list outside_access_in extended permit tcp any eq 3391 any eq 3391

nat (Inside,Outside) source static Remotepc3391 Remotepc3391 service 3391 3391

But it does not work. I am sure I am missing something stupid but I can't see what. So can someone please simply convert the above command for my old firewall to the correct commands for my new firewall. Once I see it properly done I am sure it will click.

Thanks.

Jouni Forss · ‎08-26-2013

Hi,

Try the following

object network REMOTEPC

host 10.0.0.52

nat (Inside,Outside) static interface service tcp 3391 3391

access-list outside_access_in remark Allow TCP/3391

access-list outside_access_in permit tcp any object REMOTEPC eq 3391

Depending on how you have configured the rest of your NAT we might need to make modification so that they dont override this NAT configuration.

- Jouni

View solution in original post

Jouni Forss · ‎08-26-2013

Hi,