The scope of port mapping

qiuxue007
Level 1

I want to map the TCP 999-120 to the public

Internal server is 10.10.3.189

1.1.1.1 is public network address

What should I do?

ASA 5512 IOS 8.6

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

Do you mean range TCP/120-999?

Is the example IP 1.1.1.1 configured on your external interface of the ASA?

If so, then the configuration could be

    object service TCP120-999
     service tcp source range 120 999

    object network HOST
     host 10.10.3.189

    nat (inside,outside) source static HOST interface service TCP120-999 TCP120-999

You would also have to add an ACL statement to allow this traffic from the external network. This configuration depends on whether you have an existing ACL or not.

The below presumes you have no existing ACL configured

    access-list OUTSIDE-IN remark Allow TCP/120-999
    access-list OUTSIDE-IN permit tcp any object HOST range 120 999
    access-group OUTSIDE-IN in interface outside

If you have an existing ACL then just replace the ACL name and add the lines (in this case you don't use the "access-group" command at all)

Let me know if this was what you were looking for

- Jouni
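
Added example, not part of the original reply: a small Python audit that reads ASA `access-list` lines like the ones above and reports, for each rule that permits TCP from `any`, how many ports it opens and which commonly reviewed services fall inside the range. The `SENSITIVE_TCP` list and the last two sample ACL lines are assumptions made for this example; only numeric `eq` and `range` port forms are parsed.

```python
import re

# Illustrative subset of TCP services that deserve review before being
# reachable from "any"; an assumption of this example, not a complete policy.
SENSITIVE_TCP = {135: "msrpc", 139: "netbios-ssn", 389: "ldap", 445: "smb",
                 512: "rexec", 513: "rlogin", 514: "rsh", 873: "rsync"}

# Address forms accepted in an ACE: any, host X, object/object-group N, ip mask.
ADDR = r"(?:any4?|host\s+\S+|object(?:-group)?\s+\S+|\d+(?:\.\d+){3}\s+\d+(?:\.\d+){3})"
ACE_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+(?:extended\s+)?permit\s+tcp\s+"
    rf"(?P<src>{ADDR})\s+(?P<dst>{ADDR})"
    r"(?:\s+(?:eq\s+(?P<eq>\d+)|range\s+(?P<lo>\d+)\s+(?P<hi>\d+)))?\s*$")

def audit(config_text):
    """Return one finding per 'permit tcp any ...' ACE with its port exposure."""
    findings = []
    for line in config_text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m or not m["src"].startswith("any"):
            continue  # remarks, denies, named ports and restricted sources
        if m["eq"]:
            lo = hi = int(m["eq"])
        elif m["lo"]:
            lo, hi = int(m["lo"]), int(m["hi"])
        else:
            lo, hi = 1, 65535  # no port operator means every TCP port
        hits = {p: n for p, n in SENSITIVE_TCP.items() if lo <= p <= hi}
        findings.append({"acl": m["acl"], "dst": m["dst"], "ports": (lo, hi),
                         "count": hi - lo + 1, "sensitive": hits})
    return findings

# First two lines are from the post; the last two are constructed for contrast.
SAMPLE = """\
access-list OUTSIDE-IN remark Allow TCP/120-999
access-list OUTSIDE-IN permit tcp any object HOST range 120 999
access-list OUTSIDE-IN permit tcp host 198.51.100.7 object HOST eq 22
access-list OUTSIDE-IN permit tcp any object HOST eq 443
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        names = ", ".join(f"{p}/{n}" for p, n in sorted(f["sensitive"].items()))
        print(f"{f['acl']}: any -> {f['dst']} tcp {f['ports'][0]}-{f['ports'][1]} "
              f"({f['count']} ports) sensitive: {names or 'none'}")
```

Run against a saved `show running-config access-list` output, this gives a quick list of internet-facing rules whose port ranges are wider than the services actually needed.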

qiuxue007
Level 1

Thanks
