• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 59
  • Last Modified:

PAT's on the outside interface of a ASA 5510

I have an ASA 5510 with two public subnets... The first subnet has an IP address allocated to the outside interface of the ASA...  That's it only function...  Now..  I've ran out of public IP's and I need to create a PAT for ports 80, 443, 4307, and 4310...  In the past I tried creating a PAT via my outside interface and had issues..  Is this possible?  Can someone lead me in the right direction?  I normally do the below commands to create a PAT on one of my public IPs..  How would I do that for my outside interface/IP?

object network obj-192.168.1.131
host 192.168.1.131

access-list outside extended permit tcp any host 192.168.1.131 eq https

object network obj-192.168.1.131
nat (inside,outside) static MypublicIP service tcp https https

access-group outside in interface outside
0
gopher_49
Asked:
gopher_49
1 Solution
 
SIM50Commented:
object network obj-192.168.1.131
host 192.168.1.131
nat (inside,outside) static interface service tcp 80 80

If you have SSL VPN enabled on outside interface, I wouldn't do PAT on port 443 or it will brake your VPN.
0
 
Michael OrtegaSales & Systems EngineerCommented:
I believe you want to PAT on one of the usable public IP's, but not the global IP that's assigned to the outside interface itself, right? If that's the case, simply reference the IP from your usable block that you want to use in place of "MypublicIP" and you should be good.

MO
0
 
gopher_49Author Commented:
Oh yea.  I forgot about that.  Guess I'll need more IPs.
0

Featured Post

Big Data Means Big Business

In data-dependent industries like IT, finance, and healthcare, there’s a growing demand for qualified analysts to fill leadership roles. WGU’s MS in Data Analytics has IT certifications from Oracle and SAS built into its curriculum at a flat fee that could save you money.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now