10-16-2017 08:38 AM - edited 02-21-2020 06:30 AM
Hello,
Is there a simpler/shorter way to create these NATs in few lines?
object network nat-outside-public
host a.b.c.d <<< public IP
object network outside-in-192-168-3-2:50200
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service tcp 50200 50200
object network outside-in-192-168-3-2:50201
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service tcp 50201 50201
object network outside-in-192-168-3-2:50202
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service tcp 50202 50202
object network outside-in-192-168-3-2:50203
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service tcp 50203 50203
object network outside-in-192-168-3-2:50204
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service tcp 50204 50204
object network outside-in-192-168-3-2:50205
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service tcp 50205 50205
object network outside-in-192-168-3-2:50206
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service tcp 50206 50206
object network outside-in-192-168-3-2:50207
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service tcp 50207 50207
object network outside-in-192-168-3-2:50208
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service tcp 50208 50208
object network outside-in-192-168-3-2:50209
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service tcp 50209 50209
10-16-2017 09:39 PM
Define a service range first like this:
object service somename-Source-NAT
service tcp source range 50200 50209
Then use it in a single NAT statement:
object network outside-in-192-168-3-2
host 192.168.3.2
nat (inside2,outside) static nat-outside-public service somename-Source-NAT
10-17-2017 03:24 AM
10-24-2017 01:08 AM
You're right - sorry about the earlier incorrect advice. I just tried it on my ASA running 9.8(1)7 and even there we cannot use service groups in a NAT rule.
It looks like using individual rules is the only way to do this.
10-24-2017 01:43 AM
Thanks for the feedback.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide