How to translate Port

Unanswered Question
Nov 8th, 2006
User Badges:

How do I do this?

Currently I have a Static Nat policy that translates Internal IP -> (external)

I have ACLs permitting users from the outside to allow Port 80 for anyone on this

How do I set it up so Port 8080 is translated to Port 80

External ( <-> )

Is this possible and how woyuld I do this on ASA5500.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
t-heeter Wed, 11/08/2006 - 13:04
User Badges:

static (inside,outside) tcp 8080 www netmask


static (inside,outside) tcp interface 8080 www netmask

if is outside interface

cisconoobie Wed, 11/08/2006 - 15:15
User Badges:

Thanks for the response but I get an error

ERROR: duplicate of existing static

inside: to outside: netmask

Usage: [no] static [(real_ifc, mapped_ifc)]


{ [netmask ]} | {access-list }



[udp ]

[no] static [(real_ifc, mapped_ifc)] {tcp|udp}


{ [netmask ]} |

{access-list }



[udp ]

show running-config [all] static []

clear configure static

I already have regular static NAT for these addresses and ACLs to allow port 80, smtp, and other ports to this internal IP.

I want to make sure only Port 8080 to changed to Port 80, not the others like smtp, etc.

Any Idea ?

Collin Clark Wed, 11/08/2006 - 16:07
User Badges:
  • Purple, 4500 points or more

You can't translate the entire IP and then do a port ranslation with the same address. You'll have to remove the full NAT and add them as port translations even thought they don't really translate. Outside users will lose conenctivity and you might have to 'clear xlate'!


static (inside,outside) netmask 0 0


static (inside,outside) tcp www www netmask 0 0

Fernando_Meza Wed, 11/08/2006 - 19:52
User Badges:
  • Gold, 750 points or more

Hi .. you need to remove the one to one static and add a series of port translations if you want to use the same public IP address

no static (inside,outside) x.x.x.x y.y.y.y netmask

clear xlate

static (inside,outside) tcp x.x.x.x 80 y.y.y.y 80 netmask

static (inside,outside) tcp x.x.x.x 25 y.y.y.y 25 netmask






static (inside,outside) tcp x.x.x.x 8080 y.y.y.y 80 netmask

Note: clear xlate will kill and established connections and will forze then to reconnect.

I hope it helsp .. please rate it if it does !!!


This Discussion