Solved

PAT's on the outside interface of a ASA 5510

Posted on 2016-10-20
3
48 Views
Last Modified: 2016-10-20
I have an ASA 5510 with two public subnets... The first subnet has an IP address allocated to the outside interface of the ASA...  That's it only function...  Now..  I've ran out of public IP's and I need to create a PAT for ports 80, 443, 4307, and 4310...  In the past I tried creating a PAT via my outside interface and had issues..  Is this possible?  Can someone lead me in the right direction?  I normally do the below commands to create a PAT on one of my public IPs..  How would I do that for my outside interface/IP?

object network obj-192.168.1.131
host 192.168.1.131

access-list outside extended permit tcp any host 192.168.1.131 eq https

object network obj-192.168.1.131
nat (inside,outside) static MypublicIP service tcp https https

access-group outside in interface outside
0
Comment
Question by:gopher_49
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 14

Accepted Solution

by:
SIM50 earned 500 total points
ID: 41852801
object network obj-192.168.1.131
host 192.168.1.131
nat (inside,outside) static interface service tcp 80 80

If you have SSL VPN enabled on outside interface, I wouldn't do PAT on port 443 or it will brake your VPN.
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 41853187
I believe you want to PAT on one of the usable public IP's, but not the global IP that's assigned to the outside interface itself, right? If that's the case, simply reference the IP from your usable block that you want to use in place of "MypublicIP" and you should be good.

MO
0
 

Author Closing Comment

by:gopher_49
ID: 41853258
Oh yea.  I forgot about that.  Guess I'll need more IPs.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

742 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question