Cisco Support Community
New Member

ASA nat based on destination port

Hello,

 

I would like to be able to pat a device based on the destination port.  For example:

 

10.10.10.49 (any source any destination) ---- 10.10.10.50 (asa) ----- PAT to ----- 222.222.222.222

 

But also be able to do this:

 

10.10.10.49 (any source, destination port 25) ---- 10.10.10.50 (asa) -----PAT to ----- 223.223.223.223

 

Is this possible to do with ASA version 9.1?

Accepted Solutions

Hello,

 

It is possible with Twice NAT, Dan.

So first of all:

10.10.10.49 (any source any destination) ---- 10.10.10.50 (asa) ----- PAT to ----- 222.222.222.222

For that one you could simply do a one-to-one translation or a PAT, although it does not make sense to do a PAT for just a single IP address.

10.10.10.49 (any source, destination port 25) ---- 10.10.10.50 (asa) -----PAT to ----- 223.223.223.223

For this one you can do:

object service TCP_SMTP_Destination
 service tcp destination eq 25
object network host_10.10.10.49
 host 10.10.10.49
object network host_223.223.223.223
 host 223.223.223.223

Then:

nat (inside,outside) source dynamic host_10.10.10.49 host_223.223.223.223 destination static any any service TCP_SMTP_Destination TCP_SMTP_Destination

 

Makes sense?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
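
The two translations from the question combined, as an added example that is not part of the original answer: the port-25 twice NAT rule from the answer, an object NAT rule for all other traffic, and commands to check which rule a given flow hits. The object name host_10.10.10.49_default, the source port 1025 and the test destination 198.51.100.10 are assumptions introduced here.

```cisco
! Added example, not from the original thread. Object names are reused from
! the answer; host_10.10.10.49_default and 198.51.100.10 are constructed.

! Case 2 (destination port 25): twice NAT, stored in NAT section 1.
object service TCP_SMTP_Destination
 service tcp destination eq 25
object network host_10.10.10.49
 host 10.10.10.49
object network host_223.223.223.223
 host 223.223.223.223
nat (inside,outside) source dynamic host_10.10.10.49 host_223.223.223.223 destination static any any service TCP_SMTP_Destination TCP_SMTP_Destination

! Case 1 (all other traffic): object NAT, stored in NAT section 2.
! Section 1 is evaluated first, so this rule is only reached when the
! port-25 rule above does not match.
object network host_10.10.10.49_default
 host 10.10.10.49
 nat (inside,outside) dynamic 222.222.222.222

! Verification (exec mode).
! 1. Rule order and per-rule hit counters:
show nat detail
! 2. Simulated SMTP flow; the NAT phase should show 223.223.223.223:
packet-tracer input inside tcp 10.10.10.49 1025 198.51.100.10 25
! 3. Simulated HTTPS flow; the NAT phase should show 222.222.222.222:
packet-tracer input inside tcp 10.10.10.49 1025 198.51.100.10 443
! 4. Live translations currently held for the host:
show xlate local 10.10.10.49
```

If a broader twice NAT rule already sits above the port-25 rule in section 1, it will match first; `show nat detail` makes that ordering visible.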
2 REPLIES

New Member

Yes, this all makes sense. I will give it a try.

 

Thanks,

Dan.
