Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1975
Views
5
Helpful
4
Replies

Configure port forwarding for both 500 and 4500 on ASA 5550

Go to solution
Kaushik Ray
Beginner
Beginner

‎08-01-2014 02:19 AM - edited ‎03-11-2019 09:33 PM

Hello I am trying to open up port forwarding for both 500 and 4500 as below but if i try to add tcp 4500 the 500 is removed; is there any way both can be added. sorry am new to firewalls and would be grateful to have some insight on it please?

object network obj-VPN(1:1)
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 500 500

 

 

Many Thanks

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nkarthikeyan
Rising star
Rising star

‎08-01-2014 03:48 AM

Hi Kaushik,

All you need is to use two different object's to achieve it..you cannot bind that in a single object with 2 NAT rules.....

object network obj-VPN-500

host xxx.xxx.xxx.xxx
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 500 500

object network obj-VPN-4500

host xxx.xxx.xxx.xxx
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 4500 4500

 

Regards

Karthik

 

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
nkarthikeyan
Rising star
Rising star

‎08-01-2014 03:48 AM

Hi Kaushik,

All you need is to use two different object's to achieve it..you cannot bind that in a single object with 2 NAT rules.....

object network obj-VPN-500

host xxx.xxx.xxx.xxx
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 500 500

object network obj-VPN-4500

host xxx.xxx.xxx.xxx
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 4500 4500

 

Regards

Karthik

 

 

0 Helpful

Go to solution
Kaushik Ray
Beginner
Beginner
In response to nkarthikeyan

‎08-01-2014 03:55 AM

Thanks Karthik for your reply.

object network obj-VPN(1:1)
 host xxx.xxx.xxx.xxx

object network obj-VPN(1:1)
 nat (inside,outside) static AAA.AAA.AAA.AAA

i have the above set at the moment; so do i have to create two separate NATs with two Public IPs?

 

or can use the two objects to NAT to the same public IP?

 

 

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Kaushik Ray

‎08-01-2014 04:05 AM

Hi,

 

You will be using the same public IP address in both if you configure Static PAT (Port Forward)

 

So you create an "object" for both Static PAT configurations and you will use the same public IP address in both but forward a separate port in each Static PAT configurations.

 

Karthik provided the Static PAT configurations format above.

 

If you were configuring Static NAT (which you arent) you would need separate public IP addresses.

 

- Jouni

Go to solution
nkarthikeyan
Rising star
Rising star
In response to nkarthikeyan

‎08-01-2014 04:04 AM

Hi Kaushik,

 

Both the options you can do... either with the single IP or with different IP's... I hope by looking at your earlier configuration it seems that you were trying to do with single/same IP...

 

Regards

Karthik

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents