03-15-2016 09:47 AM - edited 03-12-2019 12:29 AM
Hello folks!
I have a link to the internet and I need to create a NAT from a specific IP to my public address using some ports.
Inside interface: 192.168.13.1
host: 192.168.15.1
Outside: 200.x.x.x
Ports: many
I need to map the host to public address using many different ports (I created a service obj).
Does anyone know how I can do it?
03-15-2016 10:08 AM
Hi Marcio,
According to your ASA os
Here is the link for your reference:-
https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
03-15-2016 11:03 AM
Dinesh,
Thanks for your support. This link is good, but at the same time confusing, because in my case I believe that I have to use Dynamic Policy NAT; it is the only example that shows how to map ports.
I couldn't understand why I should map a private IP to another private IP and then specify the destination?
03-15-2016 11:35 AM
Hi Marcio,
You cannot use dynamic Policy NAT as it is uni-directional so we need to use Static PAT.
The following example configures static NAT-with-port-translation for 192.168.13.1 at TCP port 21 to the outside
Create an object network first.
object network obj-200.x.x.x
host 200.x.x.x
ciscoasa(config)# object network my-ftp-server
ciscoasa(config-network-object)# host 192.168.13.1
ciscoasa(config-network-object)# nat (inside,outside) static obj-200.x.x.x service tcp 21 2121
Similarly, you can create the same NAT for different ports using the same public IP.
Here is a link:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/nat_objects.html#pgfId-1106703
Regards,
Aditya
Please rate helpful posts.
03-15-2016 12:18 PM
Thanks Aditya,
This example is very good, but as far as I can see, I can map the ports one by one, and I have different port ranges with more than 1000 ports each; for this reason I was trying to use a Service Group.
In this case, is this example the better solution?
03-15-2016 12:27 PM
Hi Marius,
Here is an example:
Original Ports: 10000 - 10010
Translated ports: 20000 - 20010
object service ports
service
object service ports-
service
object network server
host 10.1.1.1
object network server-
host 10.2.2.2
nat
Find the document below for more information and let me know how you would like to
https://supportforums.cisco.com/docs/DOC-9129
Regards,
Aditya
Please rate helpful posts and mark the correct answers.
03-15-2016 12:48 PM
This link is the same one that Dinesh sent to me, and my doubts about it are:
In your example, obj server is my internal IP and obj server-xlate is the public IP, right?
About the ports, is it necessary to translate them? Because the application will use the same port in both directions.
03-15-2016 12:58 PM
Hi Marcio,
In your case the
nat (inside,outside) source static obj-192.168.13.1 obj-200.x.x.x ports ports-
And yes, you need to translate the ports even though we will use the same port in both directions.
Hope it answers your query.
Regards,
Aditya
Please rate helpful posts.
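An added configuration sketch of the approach discussed above (not taken from any post in this thread), assuming ASA 8.3 or later syntax: it publishes the host on the same port numbers for two port ranges and restricts inbound traffic to those ranges. The object names, the public address 203.0.113.10, the ACL name and the port ranges are constructed placeholders.

```cisco
! Constructed example: object names, public address and port ranges are placeholders.
object network obj-host
 host 192.168.15.1
object network obj-public
 host 203.0.113.10
!
! One service object per contiguous range. The ports are declared as
! source ports because they belong to the real (inside) host.
object service svc-range-a
 service tcp source range 10000 11000
object service svc-range-b
 service tcp source range 20000 21500
!
! The same service object is given as both real and mapped service,
! so the port numbers are identical on the inside and the outside.
nat (inside,outside) source static obj-host obj-public service svc-range-a svc-range-a
nat (inside,outside) source static obj-host obj-public service svc-range-b svc-range-b
!
! Inbound ACL: in 8.3 and later it references the real (inside) address.
! Permit only the published ranges instead of "permit ip any".
access-list outside_in extended permit tcp any object obj-host range 10000 11000
access-list outside_in extended permit tcp any object obj-host range 20000 21500
access-group outside_in in interface outside
!
! Checks after applying:
!   show nat detail
!   show xlate
!   packet-tracer input outside tcp 198.51.100.7 40000 203.0.113.10 10500
```

Every port in these ranges becomes reachable from the internet once the ACL permits it, so keep the ranges as narrow as the application allows and restrict the ACL source from `any` where the peers are known.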
03-15-2016 01:06 PM
Thanks Aditya.
All the information helped me a lot.
Thanks
03-15-2016 01:08 PM
Hi Mario,
Glad to help you :)
Regards,
Aditya