03-07-2012 02:30 PM - edited 03-07-2019 05:25 AM
Can someone give me an example of how to enter the following into an ASA on 8.4 IOS.
Source INSIDE: 10.0.40.30 TCP on port 10100 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Source INSIDE: 10.0.40.40 TCP on port 10103 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Source INSIDE: 10.0.40.30 TCP on port 10104 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Source INSIDE: 10.0.40.30 TCP on port 10105 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Source INSIDE: 10.0.40.30 TCP on port 10106 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Source INSIDE: 10.0.40.30 TCP on port 10107 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Thanks
Sent from Cisco Technical Support iPhone App
Solved! Go to Solution.
03-07-2012 05:19 PM
Hello.
object network REAL
host 10.0.40.30
object service TCP10100
service tcp source eq 10100
object service TCP10103-10107
service tcp source range 10103 10107
nat (inside,outside) source static REAL interface service TCP10100 TCP10100
nat (inside,outside) source static REAL interface service TCP10103-10107 TCP10103-10107
Please rate if it helps. Kind regards
03-07-2012 05:19 PM
Hello.
object network REAL
host 10.0.40.30
object service TCP10100
service tcp source eq 10100
object service TCP10103-10107
service tcp source range 10103 10107
nat (inside,outside) source static REAL interface service TCP10100 TCP10100
nat (inside,outside) source static REAL interface service TCP10103-10107 TCP10103-10107
Please rate if it helps. Kind regards
03-08-2012 02:25 AM
Hi,
See the below example config what I have on my ASA and working fine.
interface Ethernet0/0
nameif outside
security-level 0
ip address 119.36.105.210 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.117.1 255.255.255.0
hostname(config)# object network Router_A
hostname(config-network-object)# host 192.168.117.2
hostname(config-network-object)# nat (inside,outside) static 119.36.105.211
hostname(config)# access-list ACCESS-TO-SERVER extended permit tcp any host 192.168.117.2 eq telnet
hostname(confi)# access-group ACCESS-TO-SERVER in interface outside
Please rate the helpfull posts.
Regards,
Naidu.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: