Configure port forwarding for both 500 and 4500 on ASA 5550

Answered Question
Aug 1st, 2014

Hello, I am trying to open up port forwarding for both 500 and 4500 as below, but if I try to add tcp 4500 the 500 is removed. Is there any way both can be added? Sorry, I am new to firewalls and would be grateful to have some insight on it, please.

object network obj-VPN(1:1)
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 500 500

 

 

Many Thanks

 

 

Overall Rating: 5 (2 ratings)
Correct Answer
nkarthikeyan Fri, 08/01/2014 - 03:48

Hi Kaushik,

All you need is to use two different objects to achieve it. You cannot bind that in a single object with 2 NAT rules.

object network obj-VPN-500
 host xxx.xxx.xxx.xxx
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 500 500

object network obj-VPN-4500
 host xxx.xxx.xxx.xxx
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 4500 4500

 

Regards

Karthik

 

 

Kaushik Ray Fri, 08/01/2014 - 03:55

Thanks Karthik for your reply.

object network obj-VPN(1:1)
 host xxx.xxx.xxx.xxx

object network obj-VPN(1:1)
 nat (inside,outside) static AAA.AAA.AAA.AAA

I have the above set at the moment; so do I have to create two separate NATs with two public IPs?

Or can I use the two objects to NAT to the same public IP?

 

 

Jouni Forss Fri, 08/01/2014 - 04:05

Hi,

 

You will be using the same public IP address in both if you configure Static PAT (Port Forward).

So you create an "object" for both Static PAT configurations, and you will use the same public IP address in both but forward a separate port in each Static PAT configuration.

Karthik provided the Static PAT configuration format above.

If you were configuring Static NAT (which you aren't), you would need separate public IP addresses.

 

- Jouni

nkarthikeyan Fri, 08/01/2014 - 04:04

Hi Kaushik,

 

Both options are possible, either with a single IP or with different IPs. Looking at your earlier configuration, it seems that you were trying to do it with the single/same IP.

 

Regards

Karthik
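
The Static PAT versus Static NAT distinction discussed in this thread, as an added example that is not part of the original posts: a short Python parser that reads object-NAT configuration in the format posted above, classifies each rule, and flags Static PAT objects that forward the same public IP, protocol and port. The sample addresses, the `obj-WEB` object and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the thread's object-NAT format; the addresses are
# documentation-range placeholders and obj-WEB is hypothetical.
SAMPLE = """\
object network obj-VPN-500
 host 10.0.0.10
 nat (inside,outside) static 203.0.113.5 service tcp 500 500
object network obj-VPN-4500
 host 10.0.0.10
 nat (inside,outside) static 203.0.113.5 service tcp 4500 4500
object network obj-WEB
 host 10.0.0.20
 nat (inside,outside) static 203.0.113.6
"""

NAT_RE = re.compile(
    r"nat \(\S+,\S+\) static (\S+)(?: service (tcp|udp) (\S+) (\S+))?$")

def parse_object_nat(config):
    """Return one dict per network object that carries a static nat line."""
    rules, name, host = [], None, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("object network "):
            name, host = line.split(None, 2)[2], None
        elif name and line.startswith("host "):
            host = line.split()[1]
        elif name and (m := NAT_RE.match(line)):
            mapped_ip, proto, real_port, mapped_port = m.groups()
            rules.append({"object": name, "host": host, "mapped_ip": mapped_ip,
                          "kind": "static-pat" if proto else "static-nat",
                          "proto": proto, "mapped_port": mapped_port})
    return rules

def duplicate_forwards(rules):
    """Static PAT objects that claim the same public IP, protocol and port."""
    seen = defaultdict(list)
    for r in rules:
        if r["kind"] == "static-pat":
            seen[(r["mapped_ip"], r["proto"], r["mapped_port"])].append(r["object"])
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    rules = parse_object_nat(SAMPLE)
    for r in rules:
        print(r["object"], r["kind"], r["mapped_ip"], r["proto"], r["mapped_port"])
    print("duplicates:", duplicate_forwards(rules))
```

The two `obj-VPN-*` objects share one public IP without clashing because each forwards a different port; the inventory it prints is also a quick list of what the firewall exposes on the outside interface.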
