Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Configure port forwarding for both 500 and 4500 on ASA 5550

Hello I am trying to open up port forwarding for both 500 and 4500 as below but if i try to add tcp 4500 the 500 is removed; is there any way both can be added. sorry am new to firewalls and would be grateful to have some insight on it please?

object network obj-VPN(1:1)
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 500 500

 

 

Many Thanks

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Hi Kaushik,All you need is to

Hi Kaushik,

All you need is to use two different object's to achieve it..you cannot bind that in a single object with 2 NAT rules.....

object network obj-VPN-500

host xxx.xxx.xxx.xxx
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 500 500

object network obj-VPN-4500

host xxx.xxx.xxx.xxx
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 4500 4500

 

Regards

Karthik

 

 

4 REPLIES

Hi Kaushik,All you need is to

Hi Kaushik,

All you need is to use two different object's to achieve it..you cannot bind that in a single object with 2 NAT rules.....

object network obj-VPN-500

host xxx.xxx.xxx.xxx
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 500 500

object network obj-VPN-4500

host xxx.xxx.xxx.xxx
 nat (inside,outside) static xxx.xxx.xxx.xxx service tcp 4500 4500

 

Regards

Karthik

 

 

Community Member

Thanks Karthik for your reply

Thanks Karthik for your reply.

object network obj-VPN(1:1)
 host xxx.xxx.xxx.xxx

object network obj-VPN(1:1)
 nat (inside,outside) static AAA.AAA.AAA.AAA

i have the above set at the moment; so do i have to create two separate NATs with two Public IPs?

 

or can use the two objects to NAT to the same public IP?

 

 

Super Bronze

Hi, You will be using the

Hi,

 

You will be using the same public IP address in both if you configure Static PAT (Port Forward)

 

So you create an "object" for both Static PAT configurations and you will use the same public IP address in both but forward a separate port in each Static PAT configurations.

 

Karthik provided the Static PAT configurations format above.

 

If you were configuring Static NAT (which you arent) you would need separate public IP addresses.

 

- Jouni

Hi Kaushik, Both the options

Hi Kaushik,

 

Both the options you can do... either with the single IP or with different IP's... I hope by looking at your earlier configuration it seems that you were trying to do with single/same IP...

 

Regards

Karthik

498
Views
5
Helpful
4
Replies
CreatePlease to create content