Identify the real addresses and destination/source addresses using an extended access list. Create the extended access list using the access-list extended command (see the "Adding an Extended Access List" section on page 16-5). The protocol in the access list must match the protocol you set in this command. For example, if you specify tcp in the static command, then you must specify tcp in the access list. Specify the port using the eq operator.
The first address in the access list is the real address; the second address is either the source or destination address, depending on where the traffic originates. For example, to translate the real address 10.1.1.1/Telnet to the mapped address 192.168.1.1/Telnet when 10.1.1.1 sends traffic to the 18.104.22.168 network, the access-list and static commands are:
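The quoted procedure applied to the FTP scenario discussed in this thread, as an added illustration that is not part of any post or of the Cisco documentation. It assumes pre-8.3 ASA syntax (the `static ... access-list` form quoted above), that the real port is taken from the ACL's `eq` operator while the mapped port is the one given in the `static` command, and uses constructed addresses: real server 10.1.1.1 listening on 13000, mapped address 192.168.1.1, and a single permitted outside peer 203.0.113.5.

```text
! Constructed example (ASA 8.2-style static policy PAT).
! First ACL address = real host and its real port (eq 13000);
! second ACL address = the only outside peer allowed to use this translation.
access-list FTP_POLICY extended permit tcp host 10.1.1.1 eq 13000 host 203.0.113.5
! Mapped address/port: 192.168.1.1 port 21. Protocol (tcp) matches the ACL.
static (inside,outside) tcp 192.168.1.1 21 access-list FTP_POLICY
```

Two checks worth making when trying this on a lab box: `show xlate` and `show nat` should list the translation only for flows involving 203.0.113.5, and the interface ACL applied to the outside interface must permit the mapped address and port (192.168.1.1, tcp/21), since on pre-8.3 code access rules are evaluated against the translated addresses, not the real ones.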
This is almost what I am looking for. The only modification I need to this is that I need to add port redirection to the static policy PAT you have shown above. For example, I need an external source IP address to be able to send FTP traffic to a translated address on port 21, but then have the ASA redirect 21 to 13000 on the inside FTP server because that's what it is really listening on. And I need this behavior to work only for one specific external IP address, which is where the policy PAT comes in. Is this possible?
I have been able to configure port redirection on an ASA and this is how I did it: "static (inside,outside) tcp interface 61399 172.31.1.x 61399" What this NAT statement does is take all traffic destined for the outside interface on port 61399 and redirect it to an internal host on port 61399. If that is what you are looking for then you can use that statement by changing it to match how your firewall is configured and it should work.
I've used that form before and so I'm familiar with its use. However, I need to be able to redirect one port from the translated address to a different port on the inside address AND have this happen only when the traffic is being sent from one specific source IP address on the Internet. Can this be done?