Solved

static pat to a port range?

Posted on 2009-07-07
6
1,558 Views
Last Modified: 2012-05-07
I am migrating some firewall settings from an old WatchGuard box to a Cisco ASA 5510.

On the old firewall are some static PAT statements that point to a range of ports (5000-5500 for instance).

Is it possible to do the same thing on the ASA without typing in 500 PAT statements?
0
Comment
Question by:AsenathWaite
  • 4
  • 2
6 Comments
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24794491
Hello,

PAT are dynamic NAT ports, so, no, you cannot use PAT this way, NAT however can

can you place the code from the Watchguard to better understand your question?

Jfer
0
 

Author Comment

by:AsenathWaite
ID: 24794785
The WatchGuard has a statment in it (it is a gui) that NAT/PATs an internal address to an external address at a range of ports (5000-5500).

I can't do a one-to-one static nat because I need the external (public) address for other things as well.
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24800032
Sure,

you can do that

ip nat pool POOL1 192.168.1.1 192.168.1.1 netmask 255.255.255.0 type rotary
ip nat pool POOL2 192.168.1.2 192.168.1.2 netmask 255.255.255.0 type rotary
ip nat inside destination list 101 pool POOL1
ip nat inside destination list 102 pool POOL2
access-list 101 permit tcp any any range 5000 5500
access-list 102 permit tcp any any range 5000 5500

the command you want is range in any case

found in

http://slaptijack.com/networking/cisco-nat-and-port-range-resolution/

0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Author Comment

by:AsenathWaite
ID: 24808293
Ugh,

Yes, that would work for a Cisco router--but it won't work for a PIX or ASA

those devices don't support the "ip nat pool" command
0
 
LVL 9

Accepted Solution

by:
jfer0x01 earned 50 total points
ID: 24823818
Hi,

just pasted more info

your ACL entries will represent the PAT/NAT statements from your old watchgaurd

access-list 101 permit tcp any any range 5000 5500
access-list 102 permit tcp any any range 5000 5500

basically, apply the ACL rules to the interface, or service name, you which to use the port range with

Jfer
0
 
LVL 9

Expert Comment

by:jfer0x01
ID: 24891131
Hi,

please award points or close question

Jfer
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Building small business network 4 89
Cisco Sup720 Migrate to Sup2T 5 78
Wireless network monitoring 8 71
Configure BGP 22 9
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question