Solved: Re: Looking for a best way to configure static PAT on ASA 8.3(2)

Difan Zhao · ‎01-19-2011

Hi experts,

I have another dilemma here. I need to NAT tcp ports 10001, 20001 and 30001 on external IP 4.4.4.4 to the same ports on internal IP 192.168.1.4. Do I have to create three objects for each port for the internal IP? like:

object network 192.168.1.4-10001

host 192.168.1.4

nat (inside,outside) static 4.4.4.4 service tcp 10001 10001

object network 192.168.1.4-20001

hsot 192.168.1.4

nat (inside,outside) static 4.4.4.4 service tcp 20001 20001

object network 192.168.1.4-30001

hsot 192.168.1.4

nat (inside,outside) static 4.4.4.4 service tcp 30001 30001

I try to use "twice NAT" but I can't use object-group for ports. If I use object then I still have to define one service object for each port... Any suggestions??

Thanks!

Kureli Sankar · ‎01-19-2011

Yes, I know...how you feel. Yes you do have to create 3 diff. objects.

We have filed an enhancement defect to cover this.

CSCte96293 ENH: Objects should support multiple nat/service commands

Until then we do have to create a diff. object for each port that you want to do static pat.

-KS

View solution in original post

Kureli Sankar · ‎01-19-2011

Yes, I know...how you feel. Yes you do have to create 3 diff. objects.

We have filed an enhancement defect to cover this.

CSCte96293 ENH: Objects should support multiple nat/service commands

Until then we do have to create a diff. object for each port that you want to do static pat.

-KS

Difan Zhao · ‎01-20-2011

Thanks for confirming on this...