01-21-2014 07:06 PM - edited 03-11-2019 08:34 PM
I want to map the TCP 999-120 to the public
Internal server is 10.10.3.189
1.1.1.1 is public network address
What should I do?
ASA 5512 IOS 8.6
01-21-2014 11:43 PM
Hi,
Do you mean range TCP/120-999?
Is the example IP 1.1.1.1 configured on your external interface of the ASA?
If so then the configuration could be
object service TCP120-999
 service tcp source range 120 999
object network HOST
 host 10.10.3.189
nat (inside,outside) source static HOST interface service TCP120-999 TCP120-999
You would also have to add an ACL statement to allow this traffic from the external network. This configuration depends on whether you have an existing ACL or not.
The below presumes you have no existing ACL configured
access-list OUTSIDE-IN remark Allow TCP/120-999
access-list OUTSIDE-IN permit tcp any object HOST range 120 999
access-group OUTSIDE-IN in interface outside
If you have an existing ACL then just replace the ACL name and add the lines (in this case you don't use the "access-group" command at all)
Let me know if this was what you were looking for
- Jouni
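A pre-deployment check for the configuration in the answer above, as an added example that is not part of the original posts: it flags an inbound permit open to any source, counts how many ports the range exposes, and confirms the ACL range equals the range the static NAT publishes. The sample text, the finding names and the `max_ports` threshold are assumptions made for this example.

```python
import re

# Constructed sample: the configuration from the answer above, as one blob.
SAMPLE = """\
object service TCP120-999
 service tcp source range 120 999
object network HOST
 host 10.10.3.189
nat (inside,outside) source static HOST interface service TCP120-999 TCP120-999
access-list OUTSIDE-IN remark Allow TCP/120-999
access-list OUTSIDE-IN permit tcp any object HOST range 120 999
access-group OUTSIDE-IN in interface outside
"""

SVC = re.compile(r"^\s*service tcp source range (\d+) (\d+)\s*$")
NAT = re.compile(r"^nat \(\S+\) source static (\S+) interface service (\S+) \S+\s*$")
ACL = re.compile(r"^access-list (\S+) (?:extended )?permit tcp "
                 r"(any4?|host \S+|object \S+|\d\S* \d\S*) "
                 r"object (\S+) range (\d+) (\d+)\s*$")

def audit(config, max_ports=32):
    """Return (acl_name, finding) pairs; max_ports is an arbitrary threshold."""
    services, nat_service, rules, current = {}, {}, [], None
    for line in config.splitlines():
        if line.startswith("object "):
            # Only 'object service' blocks carry a port range we track.
            current = line.split()[2] if line.startswith("object service ") else None
        elif current and (m := SVC.match(line)):
            services[current] = (int(m[1]), int(m[2]))
        elif m := NAT.match(line):
            nat_service[m[1]] = m[2]          # real host object -> service object
        elif m := ACL.match(line):
            rules.append((m[1], m[2], m[3], int(m[4]), int(m[5])))
    findings = []
    for name, src, host, lo, hi in rules:
        if src in ("any", "any4"):
            findings.append((name, "any-source"))
        if hi - lo + 1 > max_ports:
            findings.append((name, f"wide-range:{hi - lo + 1}"))
        # The permitted range should equal the range the static NAT publishes.
        if services.get(nat_service.get(host)) != (lo, hi):
            findings.append((name, "acl-nat-mismatch"))
    return findings

if __name__ == "__main__":
    for acl, finding in audit(SAMPLE):
        print(acl, finding)
```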
01-22-2014 06:01 AM
Thanks