03-07-2012 02:30 PM - edited 03-07-2019 05:25 AM
Can someone give me an example of how to enter the following into an ASA on 8.4 IOS.
Source INSIDE: 10.0.40.30 TCP on port 10100 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Source INSIDE: 10.0.40.40 TCP on port 10103 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Source INSIDE: 10.0.40.30 TCP on port 10104 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Source INSIDE: 10.0.40.30 TCP on port 10105 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Source INSIDE: 10.0.40.30 TCP on port 10106 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Source INSIDE: 10.0.40.30 TCP on port 10107 -> OUTSIDE: 172.16.4.2 (outside interface) on the same port
Thanks
Sent from Cisco Technical Support iPhone App
Solved! Go to Solution.
03-07-2012 05:19 PM
Hello.
object network REAL
host 10.0.40.30
object service TCP10100
service tcp source eq 10100
object service TCP10103-10107
service tcp source range 10103 10107
nat (inside,outside) source static REAL interface service TCP10100 TCP10100
nat (inside,outside) source static REAL interface service TCP10103-10107 TCP10103-10107
Please rate if it helps. Kind regards
03-07-2012 05:19 PM
Hello.
object network REAL
host 10.0.40.30
object service TCP10100
service tcp source eq 10100
object service TCP10103-10107
service tcp source range 10103 10107
nat (inside,outside) source static REAL interface service TCP10100 TCP10100
nat (inside,outside) source static REAL interface service TCP10103-10107 TCP10103-10107
Please rate if it helps. Kind regards
03-08-2012 02:25 AM
Hi,
See the below example config what I have on my ASA and working fine.
interface Ethernet0/0
nameif outside
security-level 0
ip address 119.36.105.210 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.117.1 255.255.255.0
hostname(config)# object network Router_A
hostname(config-network-object)# host 192.168.117.2
hostname(config-network-object)# nat (inside,outside) static 119.36.105.211
hostname(config)# access-list ACCESS-TO-SERVER extended permit tcp any host 192.168.117.2 eq telnet
hostname(confi)# access-group ACCESS-TO-SERVER in interface outside
Please rate the helpfull posts.
Regards,
Naidu.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide