Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
888
Views
10
Helpful
7
Replies

Port Map with NAT

marcio.tormente
Level 4
Level 4

‎03-28-2016 01:12 PM - edited ‎03-12-2019 12:32 AM

Hello folks,

I have to configure my ASA to allow the traffic such as the file attach

I know thar is possible to map one port to another, even range, but I have no idea how can I map one port to others such as >=1024.

Anyone knows what is the best option to configure a ASA 5506 that have only one internet Lik to use this information in the file attached?

Thanks

Marcio

Labels:
Preview file
318 KB
0 Helpful
7 Replies 7

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎03-28-2016 05:17 PM

Hi Marcio,

If it is an outbound traffic you can use auto-NAT for this for instance:

object-Inside-network

nat (inside,outside) dynamic interface.

And if the servers are on the inside and you need access from outside you need to go for the static translations for instance:

object-inside-server

host 192.168.1.1

nat (inside,outside) source static <MAPPED IP>

Regards,

Aditya

Please rate helpful posts.

0 Helpful

marcio.tormente
Level 4
Level 4
In response to Aditya Ganjoo

‎03-29-2016 07:20 AM

Aditya,

Thansk for your support

In my case is not only internet access, this configuration is aredy done, I need creat a DMZ where I´ll install a server and this server have to acesse the internet, but using specific ports, as you can see in the file that I attached before.

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to marcio.tormente

‎03-29-2016 08:58 AM

Hi Marcio,

Yes I understood the requirements.

We can go for one to one static NAT that I have already shared.

object-inside-server

host 192.168.1.1

nat (inside,dmz) source static <MAPPED IP>

I think the server would be used as a VOICE server, correct me if i am wrong.

Regards,

Aditya

Please rate helpful posts.

marcio.tormente
Level 4
Level 4
In response to Aditya Ganjoo

‎03-30-2016 07:21 AM

Hello Aditya,

In case of map, in the documment say that I have to map a specific port to >=1024, map all ports one by one is crazy and if is possible to make this map to a variable >=1024 it should impact other applications?

Yes, you are correct, this server is only to voice.

0 Helpful

Aditya Ganjoo
Cisco Employee
Cisco Employee
In response to marcio.tormente

‎03-30-2016 10:41 AM

Hi Marcio,

A static one to one NAT would be sufficient.

Let me know if still does not work.

Regards,

Aditya

Please rate helpful posts.

marcio.tormente
Level 4
Level 4
In response to Aditya Ganjoo

‎03-30-2016 11:51 AM

Hi Aditya,

If I create a static one to one NAT, such as 192.168.1.1 to 200.x.x.1, this will work to Expressway E to acesse the internet from DMZ and about the rest of the network that need access the internet using the same public IP?

0 Helpful

marcio.tormente
Level 4
Level 4
In response to Aditya Ganjoo

‎03-30-2016 11:00 AM

Aditya,

I found this link that is almost the same that I need, the difference is that, this link there is a VCS Control and in my case is the Expressway Core and I have only one firewall.

http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/118992-configure-nat-00.html

This link talk about the internal comunication (inside to DMZ), and don´t know if this kind of comunication is enough to DMZ to internet, because my link is not dedicate to this service, all company access the internet using the same link (I have only one public IP).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card