How do I NAT based on destination port while source port can be ANY
Goal - I want to forward Internet bound HTTP and HTTPS traffic to a Proxy via an IPSEC Tunnel - I want to maintain my private IP as it goes accross the IPSEC Tunnel - I also want remaining Internet Traffic to route Normally by NATing to my outside address.
In 8.4 this is quite easy as I can specify a destination port and have "any" source port for the NAT
Here is a snap shot of the config:
object service Proxy_HTTP
service tcp destination eq www
object service Proxy_HTTPS
service tcp destination eq https
nat (inside,outside) source static any any service Proxy_HTTP Proxy_HTTP
nat (inside,outside) source static any any service Proxy_HTTPS Proxy_HTTPS
object network Non_Proxy
nat (any,outside) dynamic interface
PROBLEM: I need this behavior in 8.2.x - I have found no way to mimic this.
You cannot use NAT Exemption as it cannot be port based
A static policy NAT with Access list will not work as you must specify a single source port - Since there is no way to predict the source port this wont work.
I don't see any of the other NAT Types working this way.
If there is a way to make this work in 8.2 please let me know - We have many ASAs and we are not ready to make the leap to 8.4 but we need to use the proxy.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...