Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
825
Views
5
Helpful
3
Replies

Static Nat range ports ASA 8.2.

Go to solution
Lucio Garrido
Level 1
Level 1

‎12-03-2015 02:45 PM - edited ‎03-11-2019 11:59 PM

Hello Cisco Community,

    Guys, I need your support and comment about how stablish one Static Nat range port on the ASA 5520 IOS 8.2.

Example:

Private IP 10.1.1.1 ports 4000 - 4500

Public  IP 200.100.10.1 ports 4000 - 4500

Regards and thanks!

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Shivapramod M
Level 1
Level 1
In response to Lucio Garrido

‎12-03-2015 05:43 PM

Hi Lucio,

You can create a static NAT in 8.2 and permit only the set of ports using the access list to allow it. 

For example

static (inside,outside) <public IP> <Private IP> netmask 255.255.255.255

Now create access list for thsi traffic.

access-list outside_in extended permit tcp any host <public IP> range 4000 5000

access-group outside_in in interface outside

Or you can upgrade the device to version above 8.3.

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

View solution in original post

3 Replies 3

Go to solution
Shivapramod M
Level 1
Level 1

‎12-03-2015 04:53 PM

Hi Lucio,

We can not create static NAT for range of ports in 8.2 version, Need to write multiple Statements or perform a Static one-to-one NAT.. This can be done in versions above 8.3 where there is change in the configuration of the NAT. 

Please refer "Static NAT for a Range of Ports" section

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

0 Helpful

Go to solution
Lucio Garrido
Level 1
Level 1
In response to Shivapramod M

‎12-03-2015 05:30 PM

Hello Shivapramod M,

Thank you for your prompt response, so my only option is an upgrade to version IOS 8.3(4) or write line for line. Thanks again for your support and resolve my questions.

Regards!

0 Helpful

Go to solution
Shivapramod M
Level 1
Level 1
In response to Lucio Garrido

‎12-03-2015 05:43 PM

Hi Lucio,

You can create a static NAT in 8.2 and permit only the set of ports using the access list to allow it. 

For example

static (inside,outside) <public IP> <Private IP> netmask 255.255.255.255

Now create access list for thsi traffic.

access-list outside_in extended permit tcp any host <public IP> range 4000 5000

access-group outside_in in interface outside

Or you can upgrade the device to version above 8.3.

Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card