Hi Roger,

admiralrich · ‎11-12-2015

Good day,

I am trying to create a NAT using the ASDM for port forwarding. I am port forwarding to a device that we need to get to. Here is the command to execute such from the command line.

object network clock-51-6401
(Inside,Internet) static interface service tcp 5402 6401

Then an access list in created to allow the connection.

When I look at it from the ASDM gui, I see the ,"fall through interface PAT (dest ntf)" grayed out, and the interface selected is not the one I want.

How do I change that?

Akshay Rastogi · ‎11-12-2015

Hi Roger,

Interface is grayed out because you are using 'static'. If you choose 'Dynamic' from the drop down menu then it would be available for change. Therefore enter your ip or name the mapped interface(in your case type internet).

Real and Mapped interface could be selected by going to 'advanced' settings.

Hope it helps.

Regards,

Akshay Rastogi

Remember to mark the answer as correct if it answers your query or rate the helpful posts.

Roger Richards · ‎11-15-2015

Thanks for your reply but , it did not change.. Edited...

For some strange reason when I change the ports security from 50 to 100 I was able to do what you instructed. I did change it back and was still able to do it. But when the interface is not selected as "static" you cannot create a real port and a mapped port.

Akshay Rastogi · ‎11-16-2015

Hi Roger,

There are two options Dynamic Hide and Dynamic. If you select Dynamic then it would change.

You would not be able to configure real and mapped port if you select anything other than Static as Dynamic is unidirectional NAT. So changing real to mapped port won't help anything with Dynamic NAT. It is expected.

Hope it helps.

Regards,

Akshay Rastogi

Fall through to interface grayed out ASA 5510