PAT on Cisco ASA 5510

Posted on 2011-05-13
Last Modified: 2012-05-11

I have an internal FTP server, and I need a specific external network  y.y.y.0 to be able to access it on a different port, lets say TCP 999.
The server runs FTP on port 21 as usual.
What should be the config (CLI or ASDM)

Question by:IT-Gang
    LVL 35

    Accepted Solution

    static (inside,outside) tcp public_ip 999 21 netmask
    access-list outside permit tcp y.y.y.0 host public_ip eq 999
    access-group outside in interface outside

    Should do it.
    LVL 7

    Expert Comment

    assuming you have an interface named:
    - inside for inside
    - outside for outside
    - your outside ip address is
    - your asa version is before 8.3

    Then the command is:
     static (inside,outside) tcp 999 21

    to map the port

    and to allow for the traffic:
    access-group outside_access_in in interface outside
    access-list outside_access_in permit tcp y.y.y.0 eq 999
    LVL 35

    Expert Comment

    by:Ernie Beek
    @joelvp: Thanks for confirming that ;)

    Author Comment

    Sorry for grading it C, it was a pure mistake
    LVL 35

    Expert Comment

    by:Ernie Beek
    The C or the question?

    Author Comment

    The C of course :)
    LVL 35

    Expert Comment

    by:Ernie Beek
    That's what I hoped for ;)
    Well in that case, we can always ask-a-mod :)

    Allow me.........

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now