ASA 5505 forward range of ports

walank2004
Level 1

Hi,

I need to forward 10000 UDP ports to an inside host. I only have 1 address outside, so I can't use NAT and an access list.

How can I accomplish that without typing the static command 10000 times?

Thanks

4 Replies

Panos Kampanakis
Cisco Employee

There is no other way to do it.

1-1 PAT is your only option.

The reason is that the ASA will not be able to guess what ports to dynamically PAT and what to keep intact.

I hope it makes sense.

PK

You are correct, you need to add 10,000 static PAT lines.

You can use a script to create them and then tftp the file to the firewall.

-KS
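One way to script the static PAT lines as suggested above, written as an added example that is not part of this thread. It uses the pre-8.3 `static` syntax that matches the 7.2 image discussed below; the inside host address 192.168.1.10, the interface names inside/outside and the port range are placeholders, and the mapped address is `interface` (the single outside address from the question).

```shell
#!/bin/sh
# Added example (not from the thread): emit one pre-8.3 "static" PAT line per UDP port.
# Placeholder values: inside host 192.168.1.10, interface names inside/outside. The mapped
# address is "interface", i.e. the ASA's single outside address.
INSIDE_HOST="${INSIDE_HOST:-192.168.1.10}"

# gen_static_pat FIRST_PORT LAST_PORT
# Prints "static (inside,outside) udp interface <port> <host> <port> netmask 255.255.255.255"
# for every port in the inclusive range; rejects non-numeric or out-of-range input so a typo
# does not produce a 65535-line config.
gen_static_pat() {
  first=$1; last=$2
  case "$first$last" in
    *[!0-9]*|'') echo "ports must be numeric" >&2; return 1 ;;
  esac
  if [ "$first" -lt 1 ] || [ "$last" -gt 65535 ] || [ "$first" -gt "$last" ]; then
    echo "invalid port range $first-$last" >&2; return 1
  fi
  p=$first
  while [ "$p" -le "$last" ]; do
    printf 'static (inside,outside) udp interface %s %s %s netmask 255.255.255.255\n' \
      "$p" "$INSIDE_HOST" "$p"
    p=$((p + 1))
  done
}

# count_lines FIRST_PORT LAST_PORT
# Number of static entries a range produces; a quick sanity check before the file is TFTP'd.
count_lines() { gen_static_pat "$1" "$2" | wc -l | tr -d ' '; }

# Example: 10000 UDP ports (10000-19999) written to a file for TFTP to the firewall.
# gen_static_pat 10000 19999 > static-pat.cfg
```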

OK - It's not a problem to use a text processor and prepare 10000 commands, but HOW would that affect the performance of the ASA?

Good question.

"The max config size is limited by the size of flash. The 525 and 535 have a 16 MB Flash card. The 7.2 image is 8.2 MB. The ASDM image is 5.5 MB. This leaves a little over 2 megs for all configs. This includes system and all context configs.

The ASA has an internal and external compact flash slot, so your config sizes can be much larger."

We have seen CPU spike issues with larger config files (about 3 MB). These were due to huge ACEs and not the static lines that you are talking about, so you should be fine. Good luck.

-KS
