need help to Forward range of Ports to an internal IP, i have only ever done a single port e.g SMTP before


We have a single small network of 1 subnet prtoected by a ASA 5505 firewall, i need to forward a range of ports to a AV box TCP 3230 - 3243 and UDP 3230 - 3285

normally i use the command below to open a signle port like RDP or SMTP however i dont know how to do it for a range of ports, im hoping its not one line at a time.

static (inside,outside) tcp interface 25 25 netmask

Could someone show me the command

Who is Participating?
stsonlineConnect With a Mentor Commented:
Unfortunately you cannot forward a range of ports - what you need to do is assign the AV box a static NAT, then create a set of access rules allowing the port ranges in. For example, assume you have available as a useable NAT and the AV box has an IP address of on the inside interface. First create the NAT:

static (inside,outside) netmask

Then create access rules:

access-list outside_acl extended permit tcp any host range 3230 3243
access-list outside_acl extended permit udp any host range 3230 3385

If you don't want to allow ANY source, replace the 'any' with the proper IP addresses. That should do it.
Pete LongTechnical ConsultantCommented:
you need to allow the range and do a static for EVERY port. :(
ncomperAuthor Commented:

Ive done it similar to that in the fact i have done a static mapping with one of our spare public IP's, however i actually entered the access list lines in on a line line by line basis for each port so i have about 70 lines in there,
I think i will take them out and replace them with the 2 lines above.


Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.