Cisco Support Community
Community Member

Cisco ASA 5515 8.6 Simple Nat Issue

Recently I upgraded several appliances from the old PIX 501 to 5515. I am struggling trying to simply set up a static route.

On the old routers I would enter the command as such:

          access-list outside_access_in extended permit tcp any host 8.8.8.8 eq 3391
          static (inside,outside) tcp interface 3392 10.0.0.52 3391 netmask 255.255.255.255

Boom done!

On 8.4 I thought:

          object network Remotepc3391
           host 10.0.0.52

          object-group service remote3391 tcp
           port-object eq 3391

          access-list outside_access_in extended permit tcp any eq 3391 any eq 3391
          nat (Inside,Outside) source static Remotepc3391 Remotepc3391 service 3391 3391

But it does not work. I am sure I am missing something stupid but I can't see what. So can someone please simply convert the above command for my old firewall to the correct commands for my new firewall. Once I see it properly done I am sure it will click.

Thanks.

    


Accepted Solutions
Super Bronze

Cisco ASA 5515 8.6 Simple Nat Issue

Hi,

Try the following:

          object network REMOTEPC
           host 10.0.0.52
           nat (Inside,Outside) static interface service tcp 3391 3391

          access-list outside_access_in remark Allow TCP/3391
          access-list outside_access_in permit tcp any object REMOTEPC eq 3391

Depending on how you have configured the rest of your NAT, we might need to make modifications so that they don't override this NAT configuration.

- Jouni
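
The conversion asked for in this thread, as an added example that is not part of the original posts or any Cisco tool: a small Python converter that turns one pre-8.3 `static` port-forward line into 8.3+ object NAT plus the matching ACL entry. The function name and the `obj-...` naming scheme are assumptions made for the example; the ACL name defaults to the one used in the thread.

```python
import re

# Pre-8.3 static PAT syntax:
#   static (real_if,mapped_if) {tcp|udp} {mapped_ip|interface} mapped_port real_ip real_port [netmask mask]
STATIC_PAT = re.compile(
    r"^\s*static\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?P<proto>tcp|udp)\s+(?P<mapped_addr>\S+)\s+(?P<mapped_port>\S+)\s+"
    r"(?P<real_ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<real_port>\S+)"
    r"(?:\s+netmask\s+(?P<mask>\S+))?\s*$"
)

def convert_static_pat(line, acl_name="outside_access_in"):
    """Return 8.3+ object NAT and ACL lines for one pre-8.3 static PAT line."""
    m = STATIC_PAT.match(line)
    if m is None:
        raise ValueError(f"not a static PAT line: {line!r}")
    if m["mask"] not in (None, "255.255.255.255"):
        raise ValueError("only single-host translations are handled here")
    # Hypothetical object naming scheme, chosen for this example.
    obj = f"obj-{m['real_ip']}-{m['proto']}{m['real_port']}"
    return [
        f"object network {obj}",
        f" host {m['real_ip']}",
        # Object NAT argument order is real port first, mapped port second.
        f" nat ({m['real_if']},{m['mapped_if']}) static {m['mapped_addr']} "
        f"service {m['proto']} {m['real_port']} {m['mapped_port']}",
        # From 8.3 on, the ACL matches the real (inside) address and port,
        # not the mapped outside address that the old ACL referenced.
        f"access-list {acl_name} extended permit {m['proto']} any "
        f"host {m['real_ip']} eq {m['real_port']}",
    ]

if __name__ == "__main__":
    # The old static line quoted in the question above.
    old = "static (inside,outside) tcp interface 3392 10.0.0.52 3391 netmask 255.255.255.255"
    print("\n".join(convert_static_pat(old)))
```

The old line in the question maps outside port 3392 to inside port 3391, so the converter emits `service tcp 3391 3392`. Interface names are copied as written in the input line.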

Community Member

Re: Cisco ASA 5515 8.6 Simple Nat Issue

Thanks Jouni, I tried that and it works perfectly!
