How to translate Port

Unanswered Question
Nov 8th, 2006
User Badges:

How do I do this?


Currently I have a Static Nat policy that translates Internal IP 192.168.1.10 -> 144.10.10.15 (external)


I have ACLs permitting users from the outside to allow Port 80 for anyone on this 144.10.10.15


How do I set it up so 144.10.10.15 Port 8080 is translated to 192.168.1.10 Port 80


External ( 144.10.10.15:8080 <-> 192.168.1.10:80 )


Is this possible and how woyuld I do this on ASA5500.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
t-heeter Wed, 11/08/2006 - 13:04
User Badges:

static (inside,outside) tcp 144.10.10.15 8080 192.168.1.10 www netmask 255.255.255.255


or


static (inside,outside) tcp interface 8080 192.168.1.10 www netmask 255.255.255.255


if 144.10.10.15 is outside interface

cisconoobie Wed, 11/08/2006 - 15:15
User Badges:

Thanks for the response but I get an error


ERROR: duplicate of existing static

inside:192.168.1.10 to outside:144.10.10.15 netmask 255.255.255.255

Usage: [no] static [(real_ifc, mapped_ifc)]

{|interface}

{ [netmask ]} | {access-list }

[dns]

]]

[udp ]

[no] static [(real_ifc, mapped_ifc)] {tcp|udp}

{|interface}

{ [netmask ]} |

{access-list }

[dns]

]]

[udp ]

show running-config [all] static []

clear configure static




I already have regular static NAT for these addresses and ACLs to allow port 80, smtp, and other ports to this internal IP.


I want to make sure only Port 8080 to changed to Port 80, not the others like smtp, etc.


Any Idea ?



Collin Clark Wed, 11/08/2006 - 16:07
User Badges:
  • Purple, 4500 points or more

You can't translate the entire IP and then do a port ranslation with the same address. You'll have to remove the full NAT and add them as port translations even thought they don't really translate. Outside users will lose conenctivity and you might have to 'clear xlate'!


Remove

static (inside,outside) 144.10.10.15 192.168.1.10 netmask 255.255.255.255 0 0


Add

static (inside,outside) tcp 144.10.10.15 www 192.168.1.10 www netmask 255.255.255.255 0 0

Fernando_Meza Wed, 11/08/2006 - 19:52
User Badges:
  • Gold, 750 points or more

Hi .. you need to remove the one to one static and add a series of port translations if you want to use the same public IP address


no static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255

clear xlate

static (inside,outside) tcp x.x.x.x 80 y.y.y.y 80 netmask 255.255.255.255

static (inside,outside) tcp x.x.x.x 25 y.y.y.y 25 netmask 255.255.255.255


.

.

.

.

.

static (inside,outside) tcp x.x.x.x 8080 y.y.y.y 80 netmask 255.255.255.255


Note: clear xlate will kill and established connections and will forze then to reconnect.


I hope it helsp .. please rate it if it does !!!




Actions

This Discussion