Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1894
Views
0
Helpful
2
Replies

Port range forwarding using ASA 5505

Go to solution
edwardd0017
Level 1
Level 1

‎10-29-2015 11:58 PM - edited ‎03-11-2019 11:48 PM

Hello,

I'm trying to forward a huge number of ports (8500-8600). I tried using the ASDM but I'm getting an error please see attached file. How do I achieve forwarding the above ports?

Thanks in advance!

-Ed

Labels:
Preview file
18 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎10-30-2015 01:09 AM

Hi there,

I don't think you can put a range of ports in a nat statement like that. Instead define an object group of tcp ports. (I have ommited some of the service definitions so you'll need to fill them in):

!
object-group servier SVR_services
 service tcp source eq 8500
 service tcp source eq 8501
...
 service tcp source eq 8599
 service tcp source eq 8600
!
object network Outside_to_Inside_OnSSI_MediaSVR_Stream
 nat(inside,outside) static interface service SVR_services SVR_services
!

Don't forget to ammend your ACL_in for the outside interface for each of these ports.

cheers,

Seb.

View solution in original post

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎10-30-2015 01:45 AM

Actually you can not use object group for NAT. you need to create a regular service object for this.

for example.

object service PORTS

  service tcp source range 8500 8600

object network SERVER

  host 10.10.10.10

nat (inside,outside) source static SERVER interface service PORTS PORTS

If you require several different port ranges or ports, each of these would need a seperate NAT statement.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎10-30-2015 01:09 AM

Hi there,

I don't think you can put a range of ports in a nat statement like that. Instead define an object group of tcp ports. (I have ommited some of the service definitions so you'll need to fill them in):

!
object-group servier SVR_services
 service tcp source eq 8500
 service tcp source eq 8501
...
 service tcp source eq 8599
 service tcp source eq 8600
!
object network Outside_to_Inside_OnSSI_MediaSVR_Stream
 nat(inside,outside) static interface service SVR_services SVR_services
!

Don't forget to ammend your ACL_in for the outside interface for each of these ports.

cheers,

Seb.

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎10-30-2015 01:45 AM

Actually you can not use object group for NAT. you need to create a regular service object for this.

for example.

object service PORTS

  service tcp source range 8500 8600

object network SERVER

  host 10.10.10.10

nat (inside,outside) source static SERVER interface service PORTS PORTS

If you require several different port ranges or ports, each of these would need a seperate NAT statement.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card