Disable port rewriting/randomization for a TCP and UDP port on a Cisco ASA 5510 firewall.
I have a Cisco ASA 5510 firewall that I need to disable port rewriting/randomization for TCP 8008 and UDP 8008 across all my VLAN's and subnets. How Do I do this on the Cisco ASA 5510 firewall?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For 8.2 - can catch "policy NAT and regular NAT"
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_static.html#wp1081445
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_dynamic.html#wp1081841
The other earlier link is the UI version to enforce the specific port for the network object .
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_static.html#wp1081445
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_dynamic.html#wp1081841
The other earlier link is the UI version to enforce the specific port for the network object .
ASKER
Hi,
Thanks for the suggestions. Pete, I've implemented what you have there, but I'm still seeing the TCP and UDP ports being randomized. I do see in the logs now that it says "Built TCP state-bypass connection from OUTSIDE:x.x.x.x/58239 to INSIDE:y.y.y.y/8008"
Any ideas?
Thanks for the suggestions. Pete, I've implemented what you have there, but I'm still seeing the TCP and UDP ports being randomized. I do see in the logs now that it says "Built TCP state-bypass connection from OUTSIDE:x.x.x.x/58239 to INSIDE:y.y.y.y/8008"
Any ideas?
ASKER
Also, I am on ASA version 9.1(5)
ASKER
Anything else I should try?
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/nat_objects.html#wp1106703