cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
390
Views
3
Helpful
2
Replies

NAT question

scdigital
Beginner
Beginner

Can someone give me an example of how to enter the following into an ASA on 8.4 IOS.

Source INSIDE: 10.0.40.30 TCP on port 10100 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.40 TCP on port 10103 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10104 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10105 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10106 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10107 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Thanks

Sent from Cisco Technical Support iPhone App

1 Accepted Solution

Accepted Solutions

Eduardo Aliaga
Enthusiast
Enthusiast

Hello.

object network REAL

   host 10.0.40.30

object service TCP10100

    service tcp source eq 10100

object service TCP10103-10107

   service tcp source range 10103 10107


nat (inside,outside) source static REAL interface service TCP10100 TCP10100

nat (inside,outside) source static REAL interface service TCP10103-10107 TCP10103-10107

Please rate if it helps. Kind regards

View solution in original post

2 Replies 2

Eduardo Aliaga
Enthusiast
Enthusiast

Hello.

object network REAL

   host 10.0.40.30

object service TCP10100

    service tcp source eq 10100

object service TCP10103-10107

   service tcp source range 10103 10107


nat (inside,outside) source static REAL interface service TCP10100 TCP10100

nat (inside,outside) source static REAL interface service TCP10103-10107 TCP10103-10107

Please rate if it helps. Kind regards

Hi,

See the below example config what I have on my ASA and working fine.

interface Ethernet0/0
nameif outside
security-level 0
ip address 119.36.105.210 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.117.1 255.255.255.0


hostname(config)# object network Router_A
hostname(config-network-object)# host 192.168.117.2
hostname(config-network-object)# nat (inside,outside) static 119.36.105.211
hostname(config)# access-list ACCESS-TO-SERVER extended permit tcp any host  192.168.117.2 eq telnet
hostname(confi)# access-group ACCESS-TO-SERVER in interface outside

Please rate the helpfull posts.
Regards,
Naidu.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: