07-10-2007 09:20 AM - edited 03-11-2019 03:42 AM
Can I have on PC on the inside of my firewall say 192.168.2.2 go out through my firewall on ports 6000 and 6010, but show up on the other side as two IP's depending on which port it is talking to.
So,
192.168.2.2 port 6000 would translate to 192.168.8.2 on the outside interface
and
192.168.2.2 port 6010 would translate to 192.168.8.8 on the outside interface
Iam using an ASA 5510 Firewall.
07-10-2007 09:30 AM
Hi
Try this
access-list ps1 permit tcp host 192.168.2.2 any eq 6000
access-list ps2 permit tcp host 192.168.2.2 any eq 6010
nat (inside) 1 access-list ps1
nat (inside) 2 access-list ps2
global (outside) 1 192.168.8.2
global (outside) 2 192.168.8.8
HTH
Jon
07-10-2007 09:43 AM
I'd do it this way:
static (inside,outside) tcp 192.168.8.2 6000 192.168.2.2 6000 netmask 255.255.255.255
static (inside,outside) tcp 192.168.8.8 6010 192.168.2.2 6010 netmask 255.255.255.255
access-list acl-inbound permit tcp any host 192.168.8.2 eq 6000
access-list acl-inbound permit tcp any host 192.168.8.2 eq 6010
access-group acl-inbound in interface outside
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide