Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

PAT on ASA with single global IP

Posted on 2013-05-23
5
Medium Priority
?
567 Views
Last Modified: 2013-05-29
I have a 5525 ASA and need to get a PAT for port 8280 from the outside to the inside. i need all the steps involved remembering the newest version of ASA the NAT/PAT commands have changed. single outside to internal 172.16.22.3 8280


interface GigabitEthernet0/0

 nameif outside



 ip address 50.201.x.x 255.255.255.252

interface GigabitEthernet0/7

 nameif inside

 security-level 100

 ip address 172.16.22.1 255.255.255.248

interface GigabitEthernet0/7

 nameif inside

 security-level 100

 ip address 172.16.22.1 255.255.255.248
0
Comment
Question by:cj_cb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 39193294
object network obj-172.16.22.3
 host 172.16.22.3
 nat (inside,outside) static 50.201.x.x service tcp 8280 8280

that should work ?
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 39193298
i should add i dont have a device to test that one with the new version, but it looks like http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp113630 gives the info, specifically the regular static PAT in table 6
0
 

Author Comment

by:cj_cb
ID: 39193349
i have tried that command, with no success from what i can find this is the latest ASA version and the nat commands have changed drastically on 8.4x.
I have found this and have not tried yet. this is a single outside IP

ASA(config)#nat (inside,outside) source dynamic

fw01# conf t
-fw01(config)# obje
-fw01(config)# object network static-pat-tcp
-fw01(config-network-object)# host 172.16.22.3
-fw01(config-network-object)# nat(inside,outside) static interface service $

nat(inside,outside) static interface service tcp 8280 8280
   ^
ERROR: % Invalid input detected at '^' marker.
nmi-fw01(config-network-object)#
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39193531
Here is what you need:

object network obj-172.16.22.3
   host 172.16.22.3
   nat (inside,outside) static 172.16.22.3 service tcp 8280 8280

Is it TCP by the way?

You would also need to add an access-list to your outside interface

access-list outside_access_in extended permit tcp any host 172.16.22.3  eq 8280
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 2000 total points
ID: 39193538
Sorry, forget my last post. It should be

object network obj-172.16.22.3
   host 172.16.22.3
   nat (inside,outside) static interface service tcp 8280 8280


access-list outside_access_in extended permit tcp any host 172.16.22.3  eq 8280
0

Featured Post

Protect Your Retail Business and Reputation

Wi-Fi access doesn't just impact your business & customer experience, it can also affect your security.  Join us for an informative webinar to learn more about the top threats and trends impacting retail today, and the key solutions to protecting retail networks and reputations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your computer hacked? learn how to detect and delete malware in your PC
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question