PAT on ASA with single global IP

I have a 5525 ASA and need to get a PAT for port 8280 from the outside to the inside. i need all the steps involved remembering the newest version of ASA the NAT/PAT commands have changed. single outside to internal 172.16.22.3 8280


interface GigabitEthernet0/0

 nameif outside



 ip address 50.201.x.x 255.255.255.252

interface GigabitEthernet0/7

 nameif inside

 security-level 100

 ip address 172.16.22.1 255.255.255.248

interface GigabitEthernet0/7

 nameif inside

 security-level 100

 ip address 172.16.22.1 255.255.255.248
cj_cbAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
fgasimzadeConnect With a Mentor Commented:
Sorry, forget my last post. It should be

object network obj-172.16.22.3
   host 172.16.22.3
   nat (inside,outside) static interface service tcp 8280 8280


access-list outside_access_in extended permit tcp any host 172.16.22.3  eq 8280
0
 
woolnoirCommented:
object network obj-172.16.22.3
 host 172.16.22.3
 nat (inside,outside) static 50.201.x.x service tcp 8280 8280

that should work ?
0
 
woolnoirCommented:
i should add i dont have a device to test that one with the new version, but it looks like http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp113630 gives the info, specifically the regular static PAT in table 6
0
 
cj_cbAuthor Commented:
i have tried that command, with no success from what i can find this is the latest ASA version and the nat commands have changed drastically on 8.4x.
I have found this and have not tried yet. this is a single outside IP

ASA(config)#nat (inside,outside) source dynamic

fw01# conf t
-fw01(config)# obje
-fw01(config)# object network static-pat-tcp
-fw01(config-network-object)# host 172.16.22.3
-fw01(config-network-object)# nat(inside,outside) static interface service $

nat(inside,outside) static interface service tcp 8280 8280
   ^
ERROR: % Invalid input detected at '^' marker.
nmi-fw01(config-network-object)#
0
 
fgasimzadeCommented:
Here is what you need:

object network obj-172.16.22.3
   host 172.16.22.3
   nat (inside,outside) static 172.16.22.3 service tcp 8280 8280

Is it TCP by the way?

You would also need to add an access-list to your outside interface

access-list outside_access_in extended permit tcp any host 172.16.22.3  eq 8280
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.