One IP translated to two on ASA 5510

ericluoma · ‎07-10-2007

Can I have on PC on the inside of my firewall say 192.168.2.2 go out through my firewall on ports 6000 and 6010, but show up on the other side as two IP's depending on which port it is talking to.

So,

192.168.2.2 port 6000 would translate to 192.168.8.2 on the outside interface

and

192.168.2.2 port 6010 would translate to 192.168.8.8 on the outside interface

Iam using an ASA 5510 Firewall.

Jon Marshall · ‎07-10-2007

Hi

Try this

access-list ps1 permit tcp host 192.168.2.2 any eq 6000

access-list ps2 permit tcp host 192.168.2.2 any eq 6010

nat (inside) 1 access-list ps1

nat (inside) 2 access-list ps2

global (outside) 1 192.168.8.2

global (outside) 2 192.168.8.8

HTH

Jon

cmcbride · ‎07-10-2007

I'd do it this way:

static (inside,outside) tcp 192.168.8.2 6000 192.168.2.2 6000 netmask 255.255.255.255

static (inside,outside) tcp 192.168.8.8 6010 192.168.2.2 6010 netmask 255.255.255.255

access-list acl-inbound permit tcp any host 192.168.8.2 eq 6000

access-list acl-inbound permit tcp any host 192.168.8.2 eq 6010

access-group acl-inbound in interface outside