Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA and multiple ports to one internal IP

Hello all,

I am hoping this is an easy one.

I know that I can port forward one at a time to an internal IP, but what I am wanting to do is forward ports 10000 through 20000 to an internal IP.

Call me crazy but it will get really boring/confusing/tiring to add 10000 PATs as opposed to one simple line that does them all.

So can someone give it to me straight, I promise I'll take it like a mature adult! :)

Cisco Employee

Re: ASA and multiple ports to one internal IP

well you can add 1-1 static ,

static (inside,outside) x.x.x.x y.y.y.y and open ports in Access-list

there is no way to do it via port forwarding


Re: ASA and multiple ports to one internal IP

Can it be done with Pix or ASA? No

Can it be done with Checkpoint or Juniper? Yes

New Member

Re: ASA and multiple ports to one internal IP

I only have one IP (and it is DHCP) from ISP.

So I only will be able to PAT and not NAT for my purposes.

I have one server that is WWW, FTP, and shoutcast, and a different server that is VoIP, and yet another server for a couple of other purposes. I need to be able to forward multiple ports to each machine, of course the ports are different for each machine.

New Member

Re: ASA and multiple ports to one internal IP

Ok let's try a different approach...

On the ASA, I am getting a DHCP address from my ISP.

I need people on the outside world to be able to get FTP, WWW, SIP, etc. on various servers I have on the inside of my ASA.

Is there a way to say:

for all WWW (port 80 and 8080), FTP (port 21) traffic go to with just one line, or do I have to make a 'static' entry for each port?

As for my trixbox setup it uses, of course, the SIP port, but from what I have read it also wants ports 10000 through 20000 opened. So can I have on line saying if you hit my outside IP on any port from 10000 to 20000 go to trixbox, or am I going to have to have 10000 lines for this purpose?


static (inside,outside) tcp interface 10000 10000 netmask

static (inside,outside) tcp interface 10001 10001 netmask

static (inside,outside) tcp interface 10002 10002 netmask

static (inside,outside) tcp interface 10003 10003 netmask

static (inside,outside) tcp interface 10004 10004 netmask

static (inside,outside) tcp interface 10005 10005 netmask

static (inside,outside) tcp interface 10006 10006 netmask

static (inside,outside) tcp interface 10007 10007 netmask

static (inside,outside) tcp interface 10008 10008 netmask

static (inside,outside) tcp interface 10009 10009 netmask

static (inside,outside) tcp interface 10010 10010 netmask

static (inside,outside) tcp interface 10011 10011 netmask

CreatePlease login to create content