01-25-2010 01:37 PM - edited 03-11-2019 10:01 AM
Hi,
I need to forward 10000 UDP ports to an inside host. I only have 1 outside address, so I can't use NAT and an access list.
How can I accomplish that without typing the static command 10000 times?
Thanks
01-25-2010 02:28 PM
There is no other way to do it.
1-1 PAT is your only option.
The reason is that the ASA will not be able to guess what ports to dynamically PAT and what to keep intact.
I hope it makes sense.
PK
01-25-2010 06:23 PM
You are correct, you need to add 10,000 static PAT lines.
You can use a script to create them and then TFTP the file to the firewall.
-KS
01-25-2010 06:48 PM
OK - It's not a problem to use a text processor and prepare 10000 commands, but HOW would that affect the performance of the ASA?
01-25-2010 07:55 PM
Good question.
"The max config size is limited by the size of flash. The 525 and 535 have a 16 MB Flash card. The 7.2 image is 8.2 MB. The ASDM image is 5.5 MB. This leaves a little over 2 megs for all configs. This includes system and all context configs. The ASA has an internal and external compact flash slot, so your config sizes can be much larger."
We have seen CPU spike issues with larger config files (about 3 MB). These were due to huge ACE and not the static lines that you are talking about, so you should be fine. Good luck.
-KS
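As an added example (not posted by anyone in this thread), the following script generates the per-port static PAT lines suggested above and estimates how much of the remaining config flash they would take. It assumes the pre-8.3 `static (inside,outside) proto interface ...` command syntax, an inside host of 10.1.1.10, and the port range 20000-29999; all three are constructed sample values.

```python
# Added example: generate ASA pre-8.3 "static" PAT lines for a port range and
# estimate the resulting config size against the free flash mentioned in the thread.
from typing import List


def static_pat_lines(inside_host: str, first_port: int, last_port: int,
                     proto: str = "udp", inside_if: str = "inside",
                     outside_if: str = "outside") -> List[str]:
    """Return one 'static' command per port, mapping the outside interface
    address on that port to the same port on inside_host (pre-8.3 syntax assumed)."""
    if proto not in ("tcp", "udp"):
        raise ValueError("proto must be 'tcp' or 'udp'")
    if not (1 <= first_port <= last_port <= 65535):
        raise ValueError("invalid port range")
    return [
        f"static ({inside_if},{outside_if}) {proto} interface {port} "
        f"{inside_host} {port} netmask 255.255.255.255"
        for port in range(first_port, last_port + 1)
    ]


def config_size_bytes(lines: List[str]) -> int:
    """Bytes the lines occupy in the config file (one newline per line)."""
    return sum(len(line) + 1 for line in lines)


def fits_in_flash(lines: List[str], free_bytes: int = 2 * 1024 * 1024) -> bool:
    """True if the generated lines fit in the ~2 MB the quoted note says is left."""
    return config_size_bytes(lines) <= free_bytes


if __name__ == "__main__":
    import sys
    # Constructed sample: 10,000 UDP ports to a hypothetical inside host.
    lines = static_pat_lines("10.1.1.10", 20000, 29999)
    print(f"{len(lines)} lines, {config_size_bytes(lines) / 1024:.0f} KiB, "
          f"fits: {fits_in_flash(lines)}", file=sys.stderr)
    # Redirect stdout to a file and TFTP that file to the firewall.
    sys.stdout.write("\n".join(lines) + "\n")
```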