?
Solved

How do I configure PAT/port fowarding on cisco Asa FW

Posted on 2008-10-02
4
Medium Priority
?
781 Views
Last Modified: 2011-09-20
I have a setup on cisco ASA fw with an inside host with private ip, nat'd to global IP on the outside. This host needs to be accessed by 6 diferent outside hosts each on a different tcp port(non-standard ports).
How do I achieve this using translation? Thanks
0
Comment
Question by:rigour
  • 2
  • 2
4 Comments
 
LVL 26

Accepted Solution

by:
Soulja earned 750 total points
ID: 22626808
Try this:

Place your ip's in the appropriate places


static (inside,outside) outside_ip inside_ip netmask 255.255.255.255

access-list OUTSIDE extended permit tcp host HOST1 host inside_host_ip eq port1
access-list OUTSIDE extended permit tcp host HOST2 host inside_host_ip eq port2
access-list OUTSIDE extended permit tcp host HOST3 host inside_host_ip eq port3
access-list OUTSIDE extended permit tcp host HOST4 host inside_host_ip eq port4
access-list OUTSIDE extended permit tcp host HOST5 host inside_host_ip eq port5
access-list OUTSIDE extended permit tcp host HOST6 host inside_host_ip eq port6

access-group OUTSIDE in interface outside
0
 

Author Comment

by:rigour
ID: 22632194
Thanks Soulja, I am currently putting together a design solution for an urgent implementation, so cannot physically test your suggestion straightaway. Logically I believe it will work in the scenario given earlier.

What if the inside host increased to 3 or 4 hosts that need to use the one global address for nat, because of shortage of public address. How could the 6 external hosts access the 3 internal hosts, still on the different ports? Thanks
0
 

Author Comment

by:rigour
ID: 22647891
Thanks Soulja, I am currently putting together a design solution for an urgent implementation, so cannot physically test your suggestion straightaway. Logically I believe it will work in the scenario given earlier.

What if the inside host increased to 3 or 4 hosts that need to use the one global address for nat, because of shortage of public address. How could the 6 external hosts access the 3 internal hosts, still on the different ports? Thanks
0
 
LVL 26

Expert Comment

by:Soulja
ID: 22688686
It would still remain on a per port basis.
0

Featured Post

Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This article is about building a site to site VPN tunnels in Cisco CSR1000V router with IOS XE. There are two Policy Based IPsec VPN tunnels configured on CSR1000V router one with NAT and another without NAT.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

585 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question