asa 8.3 multiple static PAT's to the same server/Network_object?

sossie · ‎11-23-2010

Hi all,

Something I have found a bit confusing and am not sure I am doing correctly with the new "network object" setup is this:

Say I have several servers behind 1 public IP address and several publically accessable services running on the different servers (eg http, https, ftp, smtp, pop3). Under the pre (8.3) verisons I could just make as many "Static PATs" as I liked through to whatever server. All good.

Now if I have one server that runs two public services I have to create two "network objects" for that server. e.g:

object network EmailServer-smtp

nat (Inside,Outside) static X.X.X.X service tcp 25 25

object network EmailServer-pop3

nat (Inside,Outside) static X.X.X.X service tcp 110 110

It would be nice if I could do this for example:

object network EmailServer

nat (Inside,Outside) static X.X.X.X service tcp 25 25

nat (Inside,Outside) static X.X.X.X service tcp 110 110

Is there a better way do achieve what I want?

Cheers, Simon.

mirober2 · ‎11-23-2010

Hi Simon,

Unfortunately, this is not currently possible and you'll need separate objects for each nat statement.

There is an enhancement request filed to address this:

CSCte96293 - ENH: Objects should support multiple nat/service commands

If/when this enhancement is resolved, you'll be able to achieve what you're looking for.

Hope that helps.

-Mike