
Assistance with a PAT task on ASA 5505

Dean Romanelli
Level 4

Hi All,

I have an ASA 5505 on code asa916-k8 (new code). In the DMZ, I have two servers: a spam filter and an email server - 10.10.10.7 and 10.10.10.2 respectively. The requirement from management is that both servers need to have the same public IP - 138.xxx.xx.150 and be accessed from the outside based on TCP source port:

1. When traffic from internet comes into ASA & hits server IP 138.xxx.xx.150 on port 25, PAT to 10.10.10.7 port 25

2. When traffic from internet comes into ASA & hits server IP 138.xxx.xx.150 on port 225, PAT to 10.10.10.2 port 25

3. When traffic from internet comes into ASA & hits server IP 138.xxx.xx.150 on port 80, PAT to 10.10.10.2 port 80

4. When traffic from internet comes into ASA & hits server IP 138.xxx.xx.150 on port 443, PAT to 10.10.10.2 port 443

How can I arrange my NAT statements to accommodate this on asa916 code? Tried for 4-5 hours unsuccessfully last night.

Accepted Solutions

Hi Dean,

Please configure the following NAT rules and allow traffic as mentioned below:

object network OBJ-10.10.10.7-25
 host 10.10.10.7
 nat (DMZ,OUTSIDE) static 138.xxx.xx.150 service tcp 25 25
!
object network OBJ-10.10.10.2-25
 host 10.10.10.2
 nat (DMZ,OUTSIDE) static 138.xxx.xx.150 service tcp 25 225
!
object network OBJ-10.10.10.2-80
 host 10.10.10.2
 nat (DMZ,OUTSIDE) static 138.xxx.xx.150 service tcp 80 80
!
object network OBJ-10.10.10.2-443
 host 10.10.10.2
 nat (DMZ,OUTSIDE) static 138.xxx.xx.150 service tcp 443 443
!

Allow destination TCP port 25, 80 and 443 for IP 10.10.10.2. Also allow destination TCP port 25 for IP 10.10.10.7.

Spooster IT Services Team
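
The permit rules described in the answer above, written out as an added example that is not part of the original reply. The ACL name OUTSIDE_IN and the test source address 198.51.100.10 are assumptions; on ASA 8.3 and later the interface ACL is matched against the real DMZ address and real port, so the mail server entry uses port 25, not the mapped port 225.

```cisco
! Added example, not from the original post.
! OUTSIDE_IN is an assumed ACL name. If an ACL is already applied inbound
! on OUTSIDE, add the permit lines to that ACL instead of creating a new one.
!
! On 8.3+ code the ACL sees the real (untranslated) address and port:
! traffic arriving on 138.xxx.xx.150:225 is checked as 10.10.10.2:25.
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.7 eq 25
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.2 eq 25
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.2 eq 80
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.2 eq 443
access-group OUTSIDE_IN in interface OUTSIDE
!
! Verification (exec mode). Replace 138.xxx.xx.150 with the full public
! address; 198.51.100.10 is a constructed outside source for the test.
show nat detail
show xlate
! Expect UN-NAT to 10.10.10.7/25 and an ALLOW result:
packet-tracer input OUTSIDE tcp 198.51.100.10 1025 138.xxx.xx.150 25
! Expect UN-NAT to 10.10.10.2/25 and an ALLOW result:
packet-tracer input OUTSIDE tcp 198.51.100.10 1025 138.xxx.xx.150 225
```

If only specific hosts need to reach the mail server directly on mapped port 225, replace `any` in the 10.10.10.2 port 25 line with those source addresses so that other inbound mail still has to pass through the spam filter.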


2 Replies

Works great. Thank you very much.
