Cisco Support Community
Community Member

One IP translated to two on ASA 5510

Can I have one PC on the inside of my firewall, say 192.168.2.2, go out through my firewall on ports 6000 and 6010, but show up on the other side as two IPs depending on which port it is talking to?

So,

192.168.2.2 port 6000 would translate to 192.168.8.2 on the outside interface

and

192.168.2.2 port 6010 would translate to 192.168.8.8 on the outside interface

I am using an ASA 5510 firewall.

2 REPLIES
Hall of Fame Super Blue

Re: One IP translated to two on ASA 5510

Hi

Try this

access-list ps1 permit tcp host 192.168.2.2 any eq 6000

access-list ps2 permit tcp host 192.168.2.2 any eq 6010

nat (inside) 1 access-list ps1

nat (inside) 2 access-list ps2

global (outside) 1 192.168.8.2

global (outside) 2 192.168.8.8

HTH

Jon

Community Member

Re: One IP translated to two on ASA 5510

I'd do it this way:

static (inside,outside) tcp 192.168.8.2 6000 192.168.2.2 6000 netmask 255.255.255.255

static (inside,outside) tcp 192.168.8.8 6010 192.168.2.2 6010 netmask 255.255.255.255

access-list acl-inbound permit tcp any host 192.168.8.2 eq 6000

access-list acl-inbound permit tcp any host 192.168.8.8 eq 6010

access-group acl-inbound in interface outside
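
A consistency check for the static PAT approach in the reply above, as an added example that is not part of the original thread: it cross-checks each `static` port translation against the ACL bound inbound on the mapped interface, and reports permits that name an address and port with no translation as well as translations that no permit reaches. The sample config is constructed (pre-8.3 syntax, the thread's addresses, one deliberate mismatch), and the parser assumes `any host <ip> eq <numeric port>` entries only.

```python
import re

# Constructed sample in pre-8.3 ASA syntax; the second ACL line deliberately
# names a mapped address that has no static PAT entry for port 6010.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 192.168.8.2 6000 192.168.2.2 6000 netmask 255.255.255.255
static (inside,outside) tcp 192.168.8.8 6010 192.168.2.2 6010 netmask 255.255.255.255
access-list acl-inbound permit tcp any host 192.168.8.2 eq 6000
access-list acl-inbound permit tcp any host 192.168.8.2 eq 6010
access-group acl-inbound in interface outside
"""

# static (real_ifc,mapped_ifc) proto mapped_ip mapped_port real_ip real_port
STATIC_RE = re.compile(
    r"^static \((\S+),(\S+)\) (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
ACE_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit (tcp|udp) any host (\S+) eq (\d+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)")


def audit(config):
    """Return (orphan_permits, unreachable_statics) as sorted lists of
    (interface, protocol, mapped_ip, mapped_port) tuples."""
    translated, aces, bound = set(), {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            _real_if, mapped_if, proto, mapped_ip, mapped_port = m.groups()[:5]
            translated.add((mapped_if, proto, mapped_ip, int(mapped_port)))
        elif m := ACE_RE.match(line):
            acl, proto, ip, port = m.groups()
            aces.setdefault(acl, set()).add((proto, ip, int(port)))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)  # interface -> ACL applied inbound

    # Only ACLs actually applied with access-group count as permitting traffic.
    permitted = {(ifc, *ace) for ifc, acl in bound.items()
                 for ace in aces.get(acl, ())}
    return sorted(permitted - translated), sorted(translated - permitted)


if __name__ == "__main__":
    orphans, unreachable = audit(SAMPLE_CONFIG)
    for ifc, proto, ip, port in orphans:
        print(f"permit with no translation: {proto} {ip}:{port} on {ifc}")
    for ifc, proto, ip, port in unreachable:
        print(f"static PAT not permitted inbound: {proto} {ip}:{port} on {ifc}")
```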
