Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
544
Views
3
Helpful
2
Replies

NAT question

Go to solution
scdigital
Level 1
Level 1

‎03-07-2012 02:30 PM - edited ‎03-07-2019 05:25 AM

Can someone give me an example of how to enter the following into an ASA on 8.4 IOS.

Source INSIDE: 10.0.40.30 TCP on port 10100 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.40 TCP on port 10103 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10104 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10105 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10106 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10107 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Thanks

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Eduardo Aliaga
Level 4
Level 4

‎03-07-2012 05:19 PM

Hello.

object network REAL

   host 10.0.40.30

object service TCP10100

    service tcp source eq 10100

object service TCP10103-10107

   service tcp source range 10103 10107


nat (inside,outside) source static REAL interface service TCP10100 TCP10100

nat (inside,outside) source static REAL interface service TCP10103-10107 TCP10103-10107

Please rate if it helps. Kind regards

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Eduardo Aliaga
Level 4
Level 4

‎03-07-2012 05:19 PM

Hello.

object network REAL

   host 10.0.40.30

object service TCP10100

    service tcp source eq 10100

object service TCP10103-10107

   service tcp source range 10103 10107


nat (inside,outside) source static REAL interface service TCP10100 TCP10100

nat (inside,outside) source static REAL interface service TCP10103-10107 TCP10103-10107

Please rate if it helps. Kind regards

0 Helpful

Go to solution
Latchum Naidu
VIP Alumni
VIP Alumni
In response to Eduardo Aliaga

‎03-08-2012 02:25 AM

Hi,

See the below example config what I have on my ASA and working fine.

interface Ethernet0/0
nameif outside
security-level 0
ip address 119.36.105.210 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.117.1 255.255.255.0


hostname(config)# object network Router_A
hostname(config-network-object)# host 192.168.117.2
hostname(config-network-object)# nat (inside,outside) static 119.36.105.211
hostname(config)# access-list ACCESS-TO-SERVER extended permit tcp any host  192.168.117.2 eq telnet
hostname(confi)# access-group ACCESS-TO-SERVER in interface outside

Please rate the helpfull posts.
Regards,
Naidu.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card