
ASA Configuration Assistance

rbill1967
Level 1

Need to know what is the specific command on natting an ip to another ip via a port number. Here is an example of what I think it should be but can't find the correct verbiage.

This is what I have listed, which opens it up to any IP.

access-list 101 extended permit tcp any host 68.156.91.20 eq 23032

Here is what I would like to see, but I know the verbiage is wrong or I am missing something more.

access-list 101 extended permit ip 74.165.236.76  255.255.255.248  68.156.91.20  255.255.255.224 eq 23032

Please assist?


Collin Clark
VIP Alumni

Oh so close!

access-list 101 extended permit tcp 74.165.236.76  255.255.255.248  68.156.91.20  255.255.255.224 eq 23032

This is just the ACL though and you mentioned NAT. Will you be NATing from one port to another?

Yeah, tried that one, but it didn't work. Its message:

ERROR: IP address,mask <74.165.236.76,255.255.255.248> doesn't pair

Probably something wrong with the IP's mask?

Yes there is. You need to specify the subnet and not a host in it.

access-list 101 extended permit tcp 74.165.236.72  255.255.255.248  68.156.91.0  255.255.255.224 eq 23032

You can specify just a host too.

It worked in placing that information in there now. I just need to be sure the agency can access it. I have another one as well, trying to determine its subnet host.

You have a useful tool on getting that information faster?

You bet. Here's a link to a free subnet calculator.

http://www.solarwinds.com/products/freetools/free_subnet_calculator.aspx

One more question Collin, specifying the subnet was easy. Now locking it down to a specific IP, is that impossible? Does the command look something like this?

access-list 101 extended permit tcp 74.165.236.76 255.255.255.255 68.156.91.20 255.255.255.255 eq 23032

Will this work?  Overall this is where I am trying to get to.

That is exactly right. Note that when you look at the config it will replace it with this line-

access-list 101 extended permit tcp host 74.165.236.76  host 68.156.91.20 eq 23032

When you write the ACL you can either enter 255.255.255.255 or precede the IP with the keyword host.
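
The address/mask pairing worked through in this thread, as an added example that is not part of the original posts: a short Python script using the standard `ipaddress` module that checks whether an address pairs with its mask, derives the network address to use in the ACL, and shows how many source addresses each form admits. The function names (`pairs`, `acl_operand`, `addresses_permitted`, `acl_line`) are made up for this example.

```python
import ipaddress


def pairs(ip: str, mask: str) -> bool:
    """True when ip is the network address for mask (no host bits set)."""
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    return iface.ip == iface.network.network_address


def acl_operand(ip: str, mask: str) -> str:
    """Address portion of an extended ACL entry for ip/mask.

    A 255.255.255.255 mask is written with the 'host' keyword; any other
    mask is paired with the network address that contains ip.
    """
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    if iface.network.prefixlen == 32:
        return f"host {iface.ip}"
    return f"{iface.network.network_address} {iface.netmask}"


def addresses_permitted(ip: str, mask: str) -> int:
    """How many addresses the ip/mask pair matches."""
    return ipaddress.IPv4Interface(f"{ip}/{mask}").network.num_addresses


def acl_line(name: str, proto: str, src: tuple, dst: tuple, port: int) -> str:
    """Build the permit line in the form used in the thread."""
    return (f"access-list {name} extended permit {proto} "
            f"{acl_operand(*src)} {acl_operand(*dst)} eq {port}")


if __name__ == "__main__":
    # Addresses, masks and port are the ones quoted in the thread.
    src_ip, dst_ip, port = "74.165.236.76", "68.156.91.20", 23032

    # The rejected entry: a host address combined with a subnet mask.
    print("pairs:", pairs(src_ip, "255.255.255.248"))

    # Subnet form: 8 source addresses are allowed to reach the port.
    print(acl_line("101", "tcp", (src_ip, "255.255.255.248"),
                   (dst_ip, "255.255.255.224"), port))
    print("sources permitted:", addresses_permitted(src_ip, "255.255.255.248"))

    # Host form: exactly one source and one destination.
    print(acl_line("101", "tcp", (src_ip, "255.255.255.255"),
                   (dst_ip, "255.255.255.255"), port))
```
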
