ASA 8.2.1 static nat translation

lubosbella
Level 1

Hello,

I want to ask about this:

On ASA version 8.2.1, a static translation is configured like this:

static (Inside,Outside)  5.5.5.100 192.168.1.5 netmask 255.255.255.255

which is a static 1:1 mapping between the Outside and Inside IP.

This translation creates a mapping from outside to the local PC. But it translates, for example, RDP session port 3389 to port 3389, which is not a very good solution (I can use access lists to restrict access from outside, of course, but that is a bit limiting)...

So I want to have an "exception" for only one port, to map it to another port on this public IP, and use the others with no change.

I can do: static (Inside,Outside) tcp 5.5.5.100 123456 192.168.1.5 3389 netmask 255.255.255.255, but I can't use it together with the 1:1 static statement.

Maybe I can use:

global (outside) 2 5.5.5.100

nat (Inside) 2 access-list PC

access-list PC extended permit ip host 192.168.1.5 any 

and then static (Inside,Outside) tcp 5.5.5.100 123456 192.168.1.5 3389 netmask 255.255.255.255

But is this the right way to deal with this problem?

Thank you very much.


Robert Falconer
Level 1

Why do you need the 1 to 1 static for that PC if you just want to do port forwarding? Is there some requirement that desktop has a static IP address on the public internet?

If you must keep the 1 to 1, you can pretty easily change the port that PC listens on for remote desktop. That policy NAT example you have might work also.
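
An added example, not part of either post above: a small Python check that parses the two `static` forms quoted in this thread and reports 1:1 mappings (every port is translated, so exposure rests on the access list), static PAT entries whose mapped IP is already used by a 1:1 static (the combination the question says cannot be used together), and mapped ports outside 1-65535. The sample config, the second PC's addresses and the finding names are constructed for illustration, and only these two command forms are handled.

```python
import re

# Constructed sample in ASA 8.2 syntax, built from the statements quoted in the thread.
SAMPLE_CONFIG = """\
static (Inside,Outside) 5.5.5.100 192.168.1.5 netmask 255.255.255.255
static (Inside,Outside) tcp 5.5.5.100 123456 192.168.1.5 3389 netmask 255.255.255.255
static (Inside,Outside) tcp 5.5.5.101 33890 192.168.1.6 3389 netmask 255.255.255.255
"""

STATIC_RE = re.compile(r"static\s+\(([^,]+),([^)]+)\)\s+(.*)", re.IGNORECASE)

def parse_static(line):
    """Parse the two forms used in the thread; return None for anything else."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return None
    args = m.group(3).split()
    if args and args[0].lower() in ("tcp", "udp"):
        if len(args) < 5:
            return None
        # Static PAT: proto mapped_ip mapped_port real_ip real_port
        return {"kind": "pat", "mapped_ip": args[1], "mapped_port": args[2],
                "real_ip": args[3], "real_port": args[4], "line": line.strip()}
    if len(args) < 2:
        return None
    # 1:1 static NAT: mapped_ip real_ip
    return {"kind": "nat", "mapped_ip": args[0], "real_ip": args[1],
            "line": line.strip()}

def audit(config):
    """Return (finding, line) tuples; the finding names are this example's own."""
    entries = [e for e in map(parse_static, config.splitlines()) if e]
    one_to_one = {e["mapped_ip"] for e in entries if e["kind"] == "nat"}
    findings = []
    for e in entries:
        if e["kind"] == "nat":
            # Every port is translated; exposure rests on the access list alone.
            findings.append(("ALL_PORTS_MAPPED", e["line"]))
            continue
        port = e["mapped_port"]
        if port.isdigit() and not 1 <= int(port) <= 65535:
            findings.append(("PORT_OUT_OF_RANGE", e["line"]))
        if e["mapped_ip"] in one_to_one:
            findings.append(("OVERLAPS_ONE_TO_ONE", e["line"]))
    return findings

if __name__ == "__main__":
    for finding, line in audit(SAMPLE_CONFIG):
        print(f"{finding:22} {line}")
```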
