Re: Hi,

Syed Yasir Imam · ‎08-17-2017

I have a scenario about Policy static NAT in ASA 9.6

I have server listening on port tcp/8443. It will be accessed from specific networks in internet. I want to NAT my server to public IP but port specific only for those specific networks in internet. Is it possible?

object network <server's public IP address>
host <server's public IP address>

object network <Internet hosts/network>
host <Internet hosts/network>

object service TCP_HTTPSCA
service tcp destination eq 8443

nat (inside,outside) source static <server's private IP address> <server's public IP address> destination static <Internet hosts/network> <Internet hosts/network> service TCP_HTTPSCA TCP_HTTPSCA

but above is not working!

Below is working...but its not port specific...how can i make it port specific?

nat (inside,outside) source static <server's private IP address> <server's public IP address> destination static <Internet hosts/network> <Internet hosts/network>

Aditya Ganjoo · ‎08-17-2017

Hi,

The NAT configuration looks fine.

Can you post the packet-tracer output for this traffic?

packet-tracer input outside tcp <internet host ip > 5656 <server's public IP address> 443 detailed

Regards,

Aditya

Please rate helpful and mark correct answers

Syed Yasir Imam · ‎08-31-2017

:) It is working fine!

I dont know where i was doing the mistake but port specific (policy NAT) is working!

Thanks.