Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
546
Views
3
Helpful
2
Replies

NAT question

Go to solution
scdigital
Level 1
Level 1

‎03-07-2012 02:30 PM - edited ‎03-07-2019 05:25 AM

Can someone give me an example of how to enter the following into an ASA on 8.4 IOS.

Source INSIDE: 10.0.40.30 TCP on port 10100 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.40 TCP on port 10103 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10104 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10105 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10106 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Source INSIDE: 10.0.40.30 TCP on port 10107 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port

Thanks

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Eduardo Aliaga
Level 4
Level 4

‎03-07-2012 05:19 PM

Hello.

object network REAL

   host 10.0.40.30

object service TCP10100

    service tcp source eq 10100

object service TCP10103-10107

   service tcp source range 10103 10107


nat (inside,outside) source static REAL interface service TCP10100 TCP10100

nat (inside,outside) source static REAL interface service TCP10103-10107 TCP10103-10107

Please rate if it helps. Kind regards

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Eduardo Aliaga
Level 4
Level 4

‎03-07-2012 05:19 PM

Hello.

object network REAL

   host 10.0.40.30

object service TCP10100

    service tcp source eq 10100

object service TCP10103-10107

   service tcp source range 10103 10107


nat (inside,outside) source static REAL interface service TCP10100 TCP10100

nat (inside,outside) source static REAL interface service TCP10103-10107 TCP10103-10107

Please rate if it helps. Kind regards

0 Helpful

Go to solution
Latchum Naidu
VIP Alumni
VIP Alumni
In response to Eduardo Aliaga

‎03-08-2012 02:25 AM

Hi,

See the below example config what I have on my ASA and working fine.

interface Ethernet0/0
nameif outside
security-level 0
ip address 119.36.105.210 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.117.1 255.255.255.0


hostname(config)# object network Router_A
hostname(config-network-object)# host 192.168.117.2
hostname(config-network-object)# nat (inside,outside) static 119.36.105.211
hostname(config)# access-list ACCESS-TO-SERVER extended permit tcp any host  192.168.117.2 eq telnet
hostname(confi)# access-group ACCESS-TO-SERVER in interface outside

Please rate the helpfull posts.
Regards,
Naidu.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card