Help setting up PAT on ASA5505 with Dynamic IP

Colin.Hughes
Level 1

So just to set a correct picture, we have the firewall running and can create a single port PAT translation that works just as expected. What we can't seem to get right is the way to open a range. We are replacing an older Linksys device and this one last little piece is escaping me. I've read plenty of suggestions here that don't work, so maybe someone has this working and I won't need to add 100 separate statements to replace the Linksys device.

Our Cisco is an ASA 5505 running 9.1(6) connected to a cable modem with a dynamic IP address. We can browse the internet just fine, and can even connect to the single ports that have been PAT'd ....

Just can't seem to get a range of ports working.

Here is part of our config that has been sanitized.

ASA Version 9.1(6)
!
hostname HTG-TEST-FW
domain-name TEST.com
enable password or7feyGaIP0wdTiZ encrypted

interface Ethernet0/0
switchport access vlan 3
!

interface Ethernet0/1 - 7 The same
......
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.155.1 255.255.255.0
!
interface Vlan3
nameif Outside
security-level 0
ip address dhcp setroute
!

clock timezone EST -5
clock summer-time EDT recurring

object network TEST-backup
host 192.168.155.19
object network TEST-HQ-INSIDE-NET
subnet 192.168.155.0 255.255.255.0
object network TEST-bk2774
host 192.168.155.19
object network TEST-INSIDE
subnet 192.168.155.0 255.255.255.0
object network TEST-backup-29001
host 192.168.155.19
object network TEST-bk2773
host 192.168.155.19
object-group service RBackup tcp
port-object eq 2773
port-object eq 2774
port-object range 29001 29100
port-object eq 3389
access-list inside_access_in extended permit tcp object TEST-backup any eq smtp
access-list inside_access_in extended deny tcp any4 any4 eq smtp
access-list inside_access_in extended permit ip any4 any4 log disable
access-list Outside_access_in extended permit tcp any object TEST-backup object-group RBackup

no arp permit-nonconnected
!
object network TEST-backup
nat (inside,Outside) static interface service tcp 3389 3389
object network TEST-bk2774
nat (inside,Outside) static interface service tcp 2774 2774
object network TEST-INSIDE
nat (inside,Outside) static interface
object network TEST-bk2773
nat (inside,Outside) static interface service tcp 2773 2773
access-group inside_access_in in interface inside
access-group Outside_access_in in interface Outside

So the above info and PAT statements seem to work just fine; I've been able to make connections to the server on these above ports just fine.

These lines below seem to go in, get accepted just fine, but we can't make a connection to the server through the firewall.


object service Obj-Rbackup
service tcp source range 29001 29100 destination range 29001 29100
nat (inside,Outside) source static TEST-backup interface service Obj-Rbackup Obj-Rbackup

Any help or guidance would be appreciated. I've been reading all over the forum and the couple of examples I've found that make sense leave me stuck with the above config.
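An added example, not part of the original post: a small Python audit that cross-checks the ports the Outside ACL permits against the ports the NAT rules actually forward. It treats a service object carrying a `destination` clause as also matching on the remote peer's port, which is an assumption about ASA manual NAT matching and not something the post states; the function names and the embedded sample are constructed from the lines quoted above.

```python
# Constructed sample: the NAT/ACL lines from the post, including the failing three.
CONFIG = """\
object-group service RBackup tcp
 port-object eq 2773
 port-object eq 2774
 port-object range 29001 29100
 port-object eq 3389
access-list Outside_access_in extended permit tcp any object TEST-backup object-group RBackup
object network TEST-backup
 nat (inside,Outside) static interface service tcp 3389 3389
object network TEST-bk2774
 nat (inside,Outside) static interface service tcp 2774 2774
object network TEST-bk2773
 nat (inside,Outside) static interface service tcp 2773 2773
object service Obj-Rbackup
 service tcp source range 29001 29100 destination range 29001 29100
nat (inside,Outside) source static TEST-backup interface service Obj-Rbackup Obj-Rbackup
"""

def ports(tok):  # 'eq N' or 'range A B' -> set of ints (numeric ports only)
    return {int(tok[1])} if tok[0] == "eq" else set(range(int(tok[1]), int(tok[2]) + 1))

def collapse(s):  # {1, 2, 3, 7} -> [(1, 3), (7, 7)]
    out = []
    for p in sorted(s):
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)
        else:
            out.append((p, p))
    return out

def audit(config):
    groups, svc, cur = {}, {}, None
    permitted, forwarded, peer_limited = set(), set(), set()
    for t in (l.split() for l in config.splitlines() if l.strip()):
        if t[0] in ("object", "object-group"):
            cur = t[2]                       # name of the object being defined
        elif t[0] == "port-object":
            groups.setdefault(cur, set()).update(ports(t[1:]))
        elif t[0] == "service" and t[2] == "source":
            svc[cur] = (ports(t[3:]), "destination" in t)  # flag: peer port also constrained (assumed)
        elif t[0] == "access-list" and "permit" in t and "object-group" in t:
            permitted |= groups.get(t[t.index("object-group") + 1], set())
        elif t[0] == "nat" and "service" in t:
            i = t.index("service")
            # object NAT: "service tcp <real> <mapped>"; manual NAT: "service <real-obj> <mapped-obj>"
            p, has_dst = ({int(t[i + 3])}, False) if t[i + 1] == "tcp" else svc[t[i + 2]]
            (peer_limited if has_dst else forwarded).update(p)
    return {"unforwarded": collapse(permitted - forwarded - peer_limited),
            "peer_port_limited": collapse(peer_limited - forwarded)}
```

On the sample, `audit(CONFIG)` lists 29001-29100 under `peer_port_limited`: the range is permitted by the ACL and has a NAT rule, but under the stated assumption that rule only matches connections whose remote port is also in 29001-29100.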
