What Cisco device do I need to do ip address and port mapping

What Cisco device do I need to do ip address and port mapping?  I need to translate incoming destinations and ports into internal destination host and port.  Something like this:
-  using Cox IP 98.175.98.10 as our outside static IP address in this example.
DESTINATION                      REPLACEMENT DEST
map 98.175.98.10 8443  to 192.168.168.100 443
map 98.175.98.10 8080  to 192.168.168.101 80

With an IN acl like this
permit 215.50.5.0/24 any

Will a 2921 do this or do I need an ASA firewall?
huffmanaSystem Admin and Network EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

max_the_kingCommented:
Hi,
you will probably do that into the ASA firewall, although it is possible to do it into the router (2921).
It depends on which one is managing NAT; having both it is more likely that you do that on ASA. Besides, 2921 might belong to your ISP.

hope this helps
max
huffmanaSystem Admin and Network EngineerAuthor Commented:
Thanks max_the_king.  Yes the 2921 is NAT overloading the outside Static IP address.  I am managing the 2921.  The NAT is working but how do I configure the incoming Port Mapping?
max_the_kingCommented:
Hi,
something like:

ip nat inside source static tcp 192.168.168.100 443  98.175.98.10 8443 extendable
ip nat inside source static tcp 192.168.168.101 80  98.175.98.10 8080 extendable

and then you need an acl:

something like:

access-list 100 permit   tcp any 98.175.98.10 eq 8443
access-list 100 permit   tcp any 98.175.98.10 eq 8080

max

P.S.: my advice is to use ASA for NAT and ACL

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Need More Insight Into What’s Killing Your Network

Flow data analysis from SolarWinds NetFlow Traffic Analyzer (NTA), along with Network Performance Monitor (NPM), can give you deeper visibility into your network’s traffic.

JustInCaseCommented:
max_the_king's code is OK, except the part that ACL is, most likely, not needed.
Static source NAT is correctly configured (if interfaces are configure with "ip nat inside | ip nat outside" should be OK).
huffmanaSystem Admin and Network EngineerAuthor Commented:
I ended up getting an ASA because it'll be easier manage ports.  The 2921 will NAT and PAT and ACL could close ports....  I'll try anyway, but the ASA5520 has 4 GI ports and things like DMZ.... it was only $130 on ebay.
huffmanaSystem Admin and Network EngineerAuthor Commented:
Great help you guys.  I appreciate your expert advise.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.