Solved

PAT's on the outside interface of a ASA 5510

Posted on 2016-10-20
3
37 Views
Last Modified: 2016-10-20
I have an ASA 5510 with two public subnets... The first subnet has an IP address allocated to the outside interface of the ASA...  That's it only function...  Now..  I've ran out of public IP's and I need to create a PAT for ports 80, 443, 4307, and 4310...  In the past I tried creating a PAT via my outside interface and had issues..  Is this possible?  Can someone lead me in the right direction?  I normally do the below commands to create a PAT on one of my public IPs..  How would I do that for my outside interface/IP?

object network obj-192.168.1.131
host 192.168.1.131

access-list outside extended permit tcp any host 192.168.1.131 eq https

object network obj-192.168.1.131
nat (inside,outside) static MypublicIP service tcp https https

access-group outside in interface outside
0
Comment
Question by:gopher_49
3 Comments
 
LVL 14

Accepted Solution

by:
SIM50 earned 500 total points
ID: 41852801
object network obj-192.168.1.131
host 192.168.1.131
nat (inside,outside) static interface service tcp 80 80

If you have SSL VPN enabled on outside interface, I wouldn't do PAT on port 443 or it will brake your VPN.
0
 
LVL 16
ID: 41853187
I believe you want to PAT on one of the usable public IP's, but not the global IP that's assigned to the outside interface itself, right? If that's the case, simply reference the IP from your usable block that you want to use in place of "MypublicIP" and you should be good.

MO
0
 

Author Closing Comment

by:gopher_49
ID: 41853258
Oh yea.  I forgot about that.  Guess I'll need more IPs.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Quality settings for cisco routers 8 53
Cisco Prime and Maps 3 35
syslog id vs. msg 2 20
Cisco ASA LDAP Authentication for VPN and Management 8 11
This article assumes you have at least one Cisco ASA or PIX configured with working internet and a non-dynamic, public, address on the outside interface. If you need instructions on how to enable your device for internet, or basic configuration info…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now