We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

static pat to a port range?

AsenathWaite
AsenathWaite asked
on
Medium Priority
1,676 Views
Last Modified: 2012-05-07
I am migrating some firewall settings from an old WatchGuard box to a Cisco ASA 5510.

On the old firewall are some static PAT statements that point to a range of ports (5000-5500 for instance).

Is it possible to do the same thing on the ASA without typing in 500 PAT statements?
Comment
Watch Question

Commented:
Hello,

PAT are dynamic NAT ports, so, no, you cannot use PAT this way, NAT however can

can you place the code from the Watchguard to better understand your question?

Jfer

Author

Commented:
The WatchGuard has a statment in it (it is a gui) that NAT/PATs an internal address to an external address at a range of ports (5000-5500).

I can't do a one-to-one static nat because I need the external (public) address for other things as well.

Commented:
Sure,

you can do that

ip nat pool POOL1 192.168.1.1 192.168.1.1 netmask 255.255.255.0 type rotary
ip nat pool POOL2 192.168.1.2 192.168.1.2 netmask 255.255.255.0 type rotary
ip nat inside destination list 101 pool POOL1
ip nat inside destination list 102 pool POOL2
access-list 101 permit tcp any any range 5000 5500
access-list 102 permit tcp any any range 5000 5500

the command you want is range in any case

found in

http://slaptijack.com/networking/cisco-nat-and-port-range-resolution/

Author

Commented:
Ugh,

Yes, that would work for a Cisco router--but it won't work for a PIX or ASA

those devices don't support the "ip nat pool" command
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Commented:
Hi,

please award points or close question

Jfer
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.