How do I map many ports to several different internal ips with one outside static ip address
I have one external ip address of 220.127.116.11. Then i have two different servers. One server is running https and smtp. I'm able to create my acls and static mappings to get that working. Now the second server i have about ALOT of ports (10000 - 65000) i need to forward to it. Making thousands of static entries can't be the answer because the cheapo netgear im replacing the Cisco ASA 5510 with was able to do it in one line.
How do I map many ports to several different internal ips with o
I guess the best situation would be to have a dedicated public IP address for this host for Static NAT instead of Static PAT. Though I imagine you have thought about this and its not possible either because some cost issues or because of the ISP.
To my understanding there has never been an option (until now in the new softwares) to forward a continuous range of ports. So in the current software it seems to me that the only option is a huge amout of Static PAT configurations or a Static NAT with an extra public IP.
You can only forward a continuous range of ports in the software levels 8.3 (and above).
With the jump from 8.2 to 8.3 the ASA got its NAT totally reworked. I imagine you have pretty simple configurations otherwise related to NAT so it wouldnt be such a big jump for you as for others that have large NAT configurations for their companys firewall.
The new NAT format still has its shortcomings and has the problem that you need several NAT configurations still to achieve some things.
I would for example want that we could use "object-group service" as the parameter of NAT configurations but this is not possible yet and I am not sure will it be.
In the new software a Static PAT (Port Forward) for a range of ports could be done with
object service PORT-RANGE
service tcp source range 10000 65000
object network HOST
nat (inside,outside) source static HOST interface service PORT-RANGE PORT-RANGE
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...