Community Member

ASA 5505 forward range of ports

Hi,

I need to forward 10000 UDP ports to an inside host. I only have 1 address outside, so I can't use NAT and an access list.

How can I accomplish that without typing the static command 10000 times?

Thanks

4 REPLIES
Cisco Employee

Re: ASA 5505 forward range of ports

There is no other way to do it.

1-1 PAT is your only option.

The reason is that the ASA will not be able to guess what ports to dynamically PAT and what to keep intact.

I hope it makes sense.

PK

Cisco Employee

Re: ASA 5505 forward range of ports

You are correct, you need to add 10,000 static PAT lines.

You can use a script to create them and then tftp the file to the firewall.

-KS

Community Member

Re: ASA 5505 forward range of ports

OK - It's not a problem to use a text processor and prepare 10000 commands, but HOW would that affect the performance of the ASA?

Cisco Employee

Re: ASA 5505 forward range of ports

Good question.

"The max config size is limited by the size of flash. The 525 and 535
have a 16 MB Flash card. The 7.2 image is 8.2 MB. The ASDM image is
5.5 MB. This leaves a little over 2 megs for all configs. This includes
system and all context configs.

The ASA has an internal and external compact flash slot, so your config
sizes can be much larger."

We have seen CPU spike issues with larger config files (about 3 MB). These were due to huge ACE and not the static lines that you are talking about, so you should be fine. Good luck.

-KS
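
Added example (not part of any reply in this thread): a generator for the static PAT lines the replies suggest scripting, which also reports the size of the resulting file for comparison with the flash figures quoted above. It assumes the pre-8.3 `static` command syntax, interface names `inside` and `outside`, and a constructed inside host 192.168.1.10 with UDP ports 20000-29999.

```python
import ipaddress


def static_pat_lines(inside_ip, first_port, count, proto="udp",
                     real_if="inside", mapped_if="outside"):
    """Return one static PAT command per port (same port outside and inside).

    Assumes pre-8.3 syntax:
    static (real_if,mapped_if) proto interface port real_ip port netmask mask
    """
    host = ipaddress.IPv4Address(inside_ip)  # ValueError on a malformed address
    if proto not in ("udp", "tcp"):
        raise ValueError("proto must be 'udp' or 'tcp'")
    last_port = first_port + count - 1
    if count < 1 or first_port < 1 or last_port > 65535:
        raise ValueError("port range must stay within 1-65535")
    return [
        f"static ({real_if},{mapped_if}) {proto} interface {port} {host} {port} "
        "netmask 255.255.255.255"
        for port in range(first_port, last_port + 1)
    ]


def config_size_bytes(lines):
    """Size of the generated file, counting one newline per command."""
    return sum(len(line) + 1 for line in lines)


if __name__ == "__main__":
    # Constructed sample values: host and port range are not from the thread.
    lines = static_pat_lines("192.168.1.10", 20000, 10000)
    with open("static-pat.cfg", "w", newline="\n") as fh:
        fh.write("\n".join(lines) + "\n")
    size = config_size_bytes(lines)
    print(f"{len(lines)} commands, {size} bytes ({size / 2**20:.2f} MiB)")
```

Every forwarded port is reachable from outside only as far as the access list on the outside interface permits it, so keep the permitted range in the ACL identical to the range generated here.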



