Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1112
Views
10
Helpful
4
Replies

NATs, PATs, and ACLs - which do I need?

Go to solution
haggittmark@tm-america.com
Level 1
Level 1

‎12-03-2019 12:37 PM

I have some devices (RFID Readers) on their own subnet inside my private network that need to be able communicate with an outside company on a specific UDP port and another specific TCP port. I am trying to configure this on my firewall usinf ASDM.
I have created ACL’s that I think are correct for allowing the ports to communicate on the subnet.
Using ASDM, I have tried to create a Dynamic NAT using a pool of addresses, which didn’t work. So, I tried making a PAT which didn’t work.
I’m used to making Static NATs.
I’m getting confused because I want to use a handful of addresses on a particular subnet.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎12-03-2019 02:04 PM

Hello

Are you already using NAT on the firewall(s)

Is this a single ASA or dual ASA HA

Running single or multiple contexts in routed or transparent mode?

 

Could you post

-interface names  (inside/outside)

- internal external addressing/port numbers

or the running configuration if applicable ?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

4 Replies 4

Go to solution
Georg Pauwen
VIP
VIP

‎12-03-2019 01:47 PM

Hello,

 

PAT, in theory, should work, as it translates all ports. Provided of course that you are allowing these ports back into your firewall.

 

Can you post the running config of your ASA and indicate which UDP and TCP port are required ?

Go to solution
paul driver
VIP
VIP

‎12-03-2019 02:04 PM

Hello

Are you already using NAT on the firewall(s)

Is this a single ASA or dual ASA HA

Running single or multiple contexts in routed or transparent mode?

 

Could you post

-interface names  (inside/outside)

- internal external addressing/port numbers

or the running configuration if applicable ?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
haggittmark@tm-america.com
Level 1
Level 1
In response to paul driver

‎12-04-2019 05:45 AM

Yes, we already have a NAT to the outside world.

We have dual ASA HA in routed mode.

Let me see about supplying the information for the other questions.

0 Helpful

Go to solution
haggittmark@tm-america.com
Level 1
Level 1
In response to paul driver

‎12-06-2019 05:53 AM

Your questions lead me to see that I needed and ACL for the reverse direction.  Thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card