
How to NAT a port range on ASDM for ASA 5505

sergioloporto
Level 1

Hello,

I managed to configure port redirect for single ports.

In order to redirect a single port I did the following (and it works well):

But I now need to redirect a big range for data on a Linux machine:

49152 to 65534

Which means that if somebody connects to the Public interface of the ASA on port 49152 it will redirect to 192.168.1.20:49152.
And the same for the whole range. Doing it manually for thousands of ports makes no sense. For sure there is a way to do it automatically on the whole range.

Can anybody explain to me how to do it?

Thanks

P.S. I am on:

Cisco Adaptive Security Appliance Software Version 9.2(3)4
Device Manager Version 7.4(1)
System image file is "disk0:/asa923-4-k8.bin"


You need to use a Service object

as attached

Create a service object and define the ports with "udp/49152-65534".

Thanks. And what does the access rule look like?

something like

 IP access-list Outside-in extended permit udp  any <Linux server real address> object-group udp-range object-group udp-range

I answered above. The current access-lists I have do not start with "ip". For example I have:

access-list outside_access_in_1 extended permit tcp any object 443_Raspberry_Pi object-group Port443

Sorry yes just Access-list, routers have IP access-list

I added that service group. Then I tried to add this command:

access-list Outside-in extended permit tcp any 192.168.1.25 object-group DATA_Tcp_range_FTP_Raspberry object-group DATA_Tcp_range_FTP_Raspberry

But it doesn't accept it. The ports I have to redirect are TCP.
What did I do wrong?
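
One way to forward the whole TCP range from the CLI on ASA 9.2, shown as an added example that is not a reply from the thread. The object names are hypothetical, the interface names `inside` and `outside` are assumed, and 203.0.113.10 is a constructed test source; the ACL name and 192.168.1.20 come from the posts above.

```cisco
! Added example. Object names are hypothetical; "inside"/"outside" are
! assumed interface names.

! Real (inside) address of the Linux machine from the question.
object network LINUX_DATA_HOST
 host 192.168.1.20

! One service object covers the whole range. In a "source static" twice-NAT
! rule the server's listening ports are the source ports of the translated
! host, so the range is defined with "source", not "destination".
object service TCP_DATA_49152_65534
 service tcp source range 49152 65534

! Static port translation: connections to the outside interface address on
! 49152-65534 go to 192.168.1.20 on the same port numbers. The service
! object is given twice (real ports, then mapped ports) because they match.
nat (inside,outside) source static LINUX_DATA_HOST interface service TCP_DATA_49152_65534 TCP_DATA_49152_65534

! From 8.3 on, the interface ACL matches the real (post-NAT) address.
! The destination port range appears once, after the destination.
access-list outside_access_in_1 extended permit tcp any object LINUX_DATA_HOST range 49152 65534

! Verification: rule hit counts, ACL hits, and a simulated inbound packet.
! Replace the placeholder with the ASA's own outside address.
show nat detail
show access-list outside_access_in_1
packet-tracer input outside tcp 203.0.113.10 50000 <ASA outside address> 49152
```

If the remote peers are known, replace `any` in the ACL with their addresses so that the range of more than 16,000 ports is not reachable from every source.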
