09-29-2010 11:54 AM - edited 03-04-2019 09:56 AM
How do you create a static NAT for a range of ports on an ASA 5510 with IOS 8.2?
I need to forward ports 10000-20000 for RTP for remote access to our VoIP system.
I found some articles but the commands are very outdated.
09-29-2010 12:19 PM
You can't in that version. You would have to do a 1-1 NAT. I believe 8.3 can so you may want to upgrade.
Hope it helps.
09-29-2010 12:28 PM
Aww, the dreaded upgrade. That's going to break some things...
09-29-2010 12:31 PM
I've had pretty good luck with 8.3, but all of my firewalls that are running 8.3 are not doing any NAT. Looking at the config guide, the whole new NAT and ACL configuration looks a little weird to me.
09-29-2010 05:44 PM
There has to be a way. I don't understand how Cisco could do that.
09-29-2010 06:27 PM
Hello,
Unfortunately, Pre-8.3 code does not have a way of mapping multiple outside ports to corresponding inside ports in a single statement. However, if you upgrade to 8.3, it can map multiple outside ports (a range) to corresponding ports on the inside.
object service test
 service tcp source range 20 50
object network outside_ip
 host 64.1.1.1
object network inside_ip
 host 192.168.1.1
nat (inside,outside) source static inside_ip outside_ip service test test
If you want to do it on Pre-8.3 (8.2 and earlier), then either you need to use multiple statements or you need to map the entire IP (1-1 NAT).
Hope this helps.
Regards,
NT
09-29-2010 07:12 PM
How do you map the entire IP?
09-29-2010 07:54 PM
Hello,
If you have an unused public IP, then you can use the following template:
static (inside,outside)
Then, you use access-list on the outside interface to allow specific ports (or port range).
access-list outside_access_in permit tcp any host
access-group outside_access_in in interface outside
Hope this helps.
Regards,
NT
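With the 1-1 NAT approach from the reply above, what is reachable on the mapped address is decided by the ACL bound to the outside interface. The following Python check is an added example, not code from the thread or from Cisco: it reads a constructed 8.2-style config and reports, per mapped IP, whether that ACL limits it to specific ports. It assumes only entries of the form `permit <proto> any host <ip>`; the addresses, ACL names and function name are made up for illustration.

```python
import re

# Constructed pre-8.3 (8.2-style) config; addresses are documentation ranges.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 203.0.113.11 192.168.1.11 netmask 255.255.255.255
static (inside,outside) 203.0.113.12 192.168.1.12 netmask 255.255.255.255
access-list outside_access_in extended permit udp any host 203.0.113.10 range 10000 20000
access-list outside_access_in extended permit ip any host 203.0.113.11
access-list dmz_in extended permit tcp any host 203.0.113.12 eq 80
access-group outside_access_in in interface outside
"""

# static (real_ifc,mapped_ifc) mapped_ip real_ip netmask 255.255.255.255
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255")
# Assumption: only "permit <proto> any host <ip> [range a b | eq p]" entries are parsed.
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?permit (\S+) any host (\S+)"
                    r"(?: (range \S+ \S+|eq \S+))?\s*$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit_one_to_one_nat(config):
    """Map each 1-1 static's public IP to what the bound inbound ACL permits."""
    statics, aces, bound = [], [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics.append((m.group(2), m.group(3)))  # (mapped interface, mapped IP)
        elif m := ACE_RE.match(line):
            aces.append(m.groups())                   # (acl, proto, dest IP, port spec)
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)            # interface -> ACL name
    report = {}
    for iface, mapped_ip in statics:
        acl = bound.get(iface)
        # Pre-8.3 ACLs on the mapped interface reference the mapped (public) IP.
        rules = [(p, spec) for name, p, ip, spec in aces if name == acl and ip == mapped_ip]
        if not rules:
            status = "no inbound permit"
        elif any(p == "ip" or spec is None for p, spec in rules):
            status = "unrestricted"
        else:
            status = "restricted"
        report[mapped_ip] = (status, [f"{p} {spec}" for p, spec in rules if spec])
    return report

if __name__ == "__main__":
    for ip, (status, ports) in audit_one_to_one_nat(SAMPLE_CONFIG).items():
        print(ip, status, ports)
```

An ACL that exists but is not bound with `access-group` on the mapped interface is ignored, which is why the third host reports no inbound permit.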