New Member

ASA and multiple ports to one internal IP

Hello all,

I am hoping this is an easy one.

I know that I can port forward one at a time to an internal IP, but what I am wanting to do is forward ports 10000 through 20000 to an internal IP.

Call me crazy but it will get really boring/confusing/tiring to add 10000 PATs as opposed to one simple line that does them all.

So can someone give it to me straight, I promise I'll take it like a mature adult! :)

4 REPLIES
Cisco Employee

Re: ASA and multiple ports to one internal IP

Well, you can add a 1-1 static,

static (inside,outside) x.x.x.x y.y.y.y and open the ports in the access-list.

There is no way to do it via port forwarding.

Silver

Re: ASA and multiple ports to one internal IP

Can it be done with Pix or ASA? No

Can it be done with Checkpoint or Juniper? Yes

New Member

Re: ASA and multiple ports to one internal IP

I only have one IP (and it is DHCP) from ISP.

So I only will be able to PAT and not NAT for my purposes.

I have one server that is WWW, FTP, and shoutcast, and a different server that is VoIP, and yet another server for a couple of other purposes. I need to be able to forward multiple ports to each machine; of course, the ports are different for each machine.

New Member

Re: ASA and multiple ports to one internal IP

Ok let's try a different approach...

On the ASA, I am getting a DHCP address from my ISP.

I need people on the outside world to be able to get FTP, WWW, SIP, etc. on various servers I have on the inside of my ASA.

Is there a way to say:

for all WWW (port 80 and 8080), FTP (port 21) traffic go to 192.168.2.160 with just one line, or do I have to make a 'static' entry for each port?

As for my trixbox setup, it uses, of course, the SIP port, but from what I have read it also wants ports 10000 through 20000 opened. So can I have one line saying if you hit my outside IP on any port from 10000 to 20000 go to trixbox, or am I going to have to have 10000 lines for this purpose?

i.e.:

static (inside,outside) tcp interface 10000 192.168.123.5 10000 netmask 255.255.255.255
static (inside,outside) tcp interface 10001 192.168.123.5 10001 netmask 255.255.255.255
static (inside,outside) tcp interface 10002 192.168.123.5 10002 netmask 255.255.255.255
static (inside,outside) tcp interface 10003 192.168.123.5 10003 netmask 255.255.255.255
static (inside,outside) tcp interface 10004 192.168.123.5 10004 netmask 255.255.255.255
static (inside,outside) tcp interface 10005 192.168.123.5 10005 netmask 255.255.255.255
static (inside,outside) tcp interface 10006 192.168.123.5 10006 netmask 255.255.255.255
static (inside,outside) tcp interface 10007 192.168.123.5 10007 netmask 255.255.255.255
static (inside,outside) tcp interface 10008 192.168.123.5 10008 netmask 255.255.255.255
static (inside,outside) tcp interface 10009 192.168.123.5 10009 netmask 255.255.255.255
static (inside,outside) tcp interface 10010 192.168.123.5 10010 netmask 255.255.255.255
static (inside,outside) tcp interface 10011 192.168.123.5 10011 netmask 255.255.255.255
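
Since the replies say the per-port static entries cannot be avoided with interface PAT, they can at least be generated instead of typed. The following Python script is an added example, not part of the original thread and not a Cisco tool: it emits the static lines in the form quoted above, one access-list entry per mapping, and refuses input where two inside hosts claim the same outside port. The ACL name `outside_in`, the function names and the sample mapping list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input built from the addresses and ports quoted in the thread:
# (protocol, first outside port, last outside port, inside host)
MAPPINGS = [
    ("tcp", 80, 80, "192.168.2.160"),
    ("tcp", 8080, 8080, "192.168.2.160"),
    ("tcp", 21, 21, "192.168.2.160"),
    ("tcp", 10000, 10011, "192.168.123.5"),
]

def validate(mappings):
    """Reject bad input and any outside port claimed by two mappings."""
    owner = {}  # (proto, port) -> inside host
    for proto, first, last, host in mappings:
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {proto}")
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"bad port range: {first}-{last}")
        ipaddress.IPv4Address(host)  # raises ValueError on a malformed address
        for port in range(first, last + 1):
            key = (proto, port)
            if key in owner:
                raise ValueError(f"{proto}/{port} already forwarded to {owner[key]}")
            owner[key] = host
    return owner

def static_lines(mappings):
    """One interface-PAT static per port, in the form quoted in the thread."""
    validate(mappings)
    return [
        f"static (inside,outside) {proto} interface {port} {host} {port} netmask 255.255.255.255"
        for proto, first, last, host in mappings
        for port in range(first, last + 1)
    ]

def acl_lines(mappings, acl="outside_in"):  # ACL name is an assumption
    """One ACL entry per mapping; a port range needs only a single entry."""
    validate(mappings)
    out = []
    for proto, first, last, _host in mappings:
        match = f"eq {first}" if first == last else f"range {first} {last}"
        out.append(f"access-list {acl} extended permit {proto} any interface outside {match}")
    return out

if __name__ == "__main__":
    print("\n".join(static_lines(MAPPINGS) + acl_lines(MAPPINGS)))
```

Every generated static is an inbound path to an inside host, so keep each range as narrow as the service actually needs and review the output before pasting it into the firewall.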
