Dynamic and Static PAT using a single public IP

Hi,

 

I'm trying to configure PAT on a new ASA-5510 running 9.0(3) and I'm having some issues.

 

In our setup we have a single public IP address (let's say 127.1.1.1) which is assigned to the outside interface, and we need to use that for both dynamic PAT to allow all machines in our 10.1.0.0 255.255.255.0 subnet to hit the outside world, as well as allow the outside world FTP access to (10.1.0.124) on the inside using static PAT.

 

I have dynamic PAT working and we are able to hit the outside world, but I can't get the static service PAT working to forward FTP traffic. 

 

The configuration looks like this right now:

 

object network obj-10.1.0.124
    host 10.1.0.124

object network obj-10.1.0.0
    subnet 10.1.0.0 255.255.255.0

nat (infra,outside) source dynamic obj-10.1.0.0 interface

!
object network obj-10.1.0.124
    nat (infra,outside) static interface service tcp 21 21

 

Should the dynamic PAT rule also be written as a network object rule?

 

Thanks!

Steve

 

 

5 REPLIES

That looks correct, just add another static PAT for TCP port 20 as well.

Here's a link to a useful doc:

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

Manish

Thanks for your reply. It isn't working, though, so I'm not sure what the problem is; adding another PAT translation for port 20 did not help either.

Please post the output of the following:

show nat detail

show run nat

Manish

Thanks for your help Manish, I figured it out.

-Steve

Changing the global PAT to an object PAT rule got everything working correctly.
 

object network obj-10.1.0.0
 subnet 10.1.0.0 255.255.255.0

object network obj-ftp-access
 host 10.1.0.124

object network obj-10.1.0.0
 nat (infra,outside) dynamic interface

object network obj-ftp-access
 nat (infra,outside) static interface service tcp 21 21
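
Why the change in the last post helps, as an added example that is not part of the thread: on ASA 8.3 and later, a manual `nat ... source ...` rule without `after-auto` is evaluated in section 1, ahead of every network object rule in section 2, so the first configuration's dynamic PAT rule also matched 10.1.0.124. The Python check below flags that overlap in the first configuration and finds none in the final one; the function name `shadowed_static_pat` and the parsing are assumptions of this example, and only the rule forms seen in the thread are handled.

```python
import ipaddress
import re

# Constructed inputs: the two configurations posted in the thread.
BROKEN = """\
object network obj-10.1.0.124
 host 10.1.0.124
object network obj-10.1.0.0
 subnet 10.1.0.0 255.255.255.0
nat (infra,outside) source dynamic obj-10.1.0.0 interface
object network obj-10.1.0.124
 nat (infra,outside) static interface service tcp 21 21
"""
WORKING = """\
object network obj-10.1.0.0
 subnet 10.1.0.0 255.255.255.0
object network obj-ftp-access
 host 10.1.0.124
object network obj-10.1.0.0
 nat (infra,outside) dynamic interface
object network obj-ftp-access
 nat (infra,outside) static interface service tcp 21 21
"""

IFC = r"nat \((\S+?),(\S+?)\) "  # captures (real_ifc, mapped_ifc)

def shadowed_static_pat(config):
    """Return (static_object, manual_rule_object) pairs where a section 1
    manual dynamic PAT rule also matches the host of an object static PAT."""
    objects = {"any": ipaddress.ip_network("0.0.0.0/0")}
    manual, static, current = [], [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"object network (\S+)$", line):
            current = m.group(1)
        elif m := re.match(r"host (\S+)$", line):
            objects[current] = ipaddress.ip_network(m.group(1))
        elif m := re.match(r"subnet (\S+) (\S+)$", line):
            objects[current] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(IFC + r"(after-auto )?source dynamic (\S+) interface", line):
            if not m.group(3):  # without after-auto the rule sits in section 1
                manual.append((m.group(1, 2), m.group(4)))
        elif m := re.match(IFC + r"static interface service \S+ \S+ \S+", line):
            static.append((m.group(1, 2), current))  # object NAT, section 2
    return [(s_obj, d_obj) for s_ifc, s_obj in static for d_ifc, d_obj in manual
            if s_ifc == d_ifc and objects[s_obj].subnet_of(objects[d_obj])]

if __name__ == "__main__":
    print("first config:", shadowed_static_pat(BROKEN))
    print("final config:", shadowed_static_pat(WORKING))
```
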
