ASA 8.2 to 8.4 PAT

In the old 8.2 config we have multiple PATs from the inside to the outside, i.e.:

static (inside,outside) tcp 1.1.1.1 7096 2.2.2.2 7096 netmask 255.255.255.255  dns
 
static (inside,outside) tcp 1.1.1.1 7079 2.2.2.2 7079 netmask 255.255.255.255  dns

When trying this as detailed on https://supportforums.cisco.com/docs/DOC-9129 it should change to:

object network SWITCH-2.2.2.2
host 2.2.2.2
nat (inside,outside) static 1.1.1.1 service tcp 7096 7096
nat (inside,outside) static 1.1.1.1 service tcp 7079 7079

When we try to put this in, it will only allow one entry to be placed and overwrites the previous one. We therefore used the NAT before object with the following commands:

 nat (inside,outside) 2 source static 2.2.2.2 overload-1.1.1.1 service tcp-7096 tcp-7096
 nat (inside,outside) 2 source static 2.2.2.2 overload-1.1.1.1 service tcp-7079 tcp-7079

We then put an ACL on the outside interface:

access-list outside_access_in line 2 extended permit tcp host 3.3.3.3 object overload-1.1.1.1 eq 7079

We see hits on the ACL but we do not get any connection.
Asked by: wanstor

Ernie Beek (Expert) commented:
The thing is that you need to create two objects (hurray for the new nat......)
So like:

object network SWITCH-2.2.2.2-7096
host 2.2.2.2
nat (inside,outside) static 1.1.1.1 service tcp 7096 7096

object network SWITCH-2.2.2.2-7079
host 2.2.2.2
nat (inside,outside) static 1.1.1.1 service tcp 7079 7079

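Added example (not part of the original thread, and not any poster's or Cisco's code): a small Python converter that applies the one-object-per-port approach from the answer above to 8.2 static PAT lines. The function name, the `SWITCH` prefix default and the review notes are assumptions made for illustration; trailing options such as `dns` are not carried over (the answer's config has none) and are reported for manual review.

```python
import re

# 8.2 syntax: static (real_if,mapped_if) proto mapped_ip mapped_port real_ip real_port [netmask m] [opts]
STATIC_PAT = re.compile(
    r"static \((?P<rif>[^,]+),(?P<mif>[^)]+)\) (?P<proto>tcp|udp) "
    r"(?P<mip>\S+) (?P<mport>\S+) (?P<rip>\S+) (?P<rport>\S+)"
    r"(?: netmask (?P<mask>\S+))?(?P<opts>(?: \S+)*)"
)

def convert_static_pat(config_82, prefix="SWITCH"):
    """Convert 8.2 static PAT lines to 8.3+ object NAT, one object per line.

    Returns (new_config_lines, review_notes). Lines that are not host
    static PAT are left for manual conversion and reported in the notes.
    """
    out, notes, used = [], [], set()
    for raw in config_82.splitlines():
        line = " ".join(raw.split())          # collapse stray spacing
        if not line:
            continue
        m = STATIC_PAT.fullmatch(line)
        if not m or m["mask"] not in (None, "255.255.255.255"):
            notes.append(f"not converted: {line}")
            continue
        # Object NAT holds a single nat statement per object, so every
        # forwarded port gets its own uniquely named object.
        name = f"{prefix}-{m['rip']}-{m['rport']}"
        if name in used:                      # e.g. same port on tcp and udp
            name += f"-{m['proto']}"
        used.add(name)
        out += [
            f"object network {name}",
            f" host {m['rip']}",
            # 8.3+ order is: service <proto> <real_port> <mapped_port>
            f" nat ({m['rif']},{m['mif']}) static {m['mip']} "
            f"service {m['proto']} {m['rport']} {m['mport']}",
        ]
        if m["opts"].strip():
            notes.append(f"{name}: option '{m['opts'].strip()}' not carried over")
    return out, notes

# The two lines from the question, with the addresses as posted.
SAMPLE_82 = """
static (inside,outside) tcp 1.1.1.1 7096 2.2.2.2 7096 netmask 255.255.255.255  dns
static (inside,outside) tcp 1.1.1.1 7079 2.2.2.2 7079 netmask 255.255.255.255  dns
"""

if __name__ == "__main__":
    config, notes = convert_static_pat(SAMPLE_82)
    print("\n".join(config))
    print("\n".join("! " + n for n in notes))
```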
 
Pete Long (Technical Consultant) commented:
>>(hurray for the new nat......)

<grin>
 
wanstor (Author) commented:
Hurray is one word.  I can think of many alternatives :-)

Question has a verified solution.