Port forwards for Polycom camera

Hello everyone,

I am trying to set up a Cisco ASA 5510 running 8.2 to allow a connection to a Polycom camera that sits behind it. What I want to do is forward multiple ports to allow a connection from an outside office. The Polycom camera uses the following ports:

1720    tcp

3230-3235    tcp

3230-3253    udp

I got these port numbers from the Polycom web site. So what I did was create a service object as follows:

object-group service All-Polycom-ports
 service-object tcp range 3230 3235 
 service-object tcp eq h323 
 service-object udp range 3230 3253 

My question is: how can I use this service object in a static (inside,outside) command so that I don't have to create multiple commands for the port forwarding? Is this even possible, or do I have to sit down and write out around 30 separate commands to do this? I've been searching the web and it seems a lot of people want to do this, but so far I haven't found an answer.

Any help or suggestions would be greatly appreciated and thanks in advance.

P.S. I'm no expert when it comes to the ASA

Hello,

For NAT on 8.2 you will need to do it one by one (so it will mean using a static one-to-one to make it easier).

Now, beginning at 8.3, you can start using object-groups for services that you could use to perform the NAT translation you are looking for.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Julio,

Thanks for the reply, although that's not what I wanted to hear.

Do you know why they would even allow you to create the service groups in 8.2 if you can't use them with NAT? Seems crazy but it is what it is. Thanks for your help.

Louis

Hello,

They created this because we can use it in the ACL configuration (just one line instead of a bunch of them).

Why not on the NAT? I do not know, but it sounds fair to me that if you want to NAT 1550 ports, as an example, why don't you NAT the whole IP address instead of just those ports?

Glad I could help,

Mark the question as answered if there is no other question I can answer for you,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
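
The two points from the replies above (per-port NAT on 8.2, and the service object-group being usable in one ACL line), as an added example that is not code from the thread or from Cisco: this Python script expands the posted object-group into one static PAT line per port and a single ACL line that reuses the group. The addresses (203.0.113.10 mapped, 192.168.1.10 camera, 198.51.100.20 remote office) and the ACL name `outside_in` are constructed placeholders.

```python
# Added example: expand the posted object-group into ASA 8.2 per-port statics.
NAMED_PORTS = {"h323": 1720}  # the post lists 1720/tcp for the h323 entry

# The object-group as posted in the question.
OBJECT_GROUP = """\
object-group service All-Polycom-ports
 service-object tcp range 3230 3235
 service-object tcp eq h323
 service-object udp range 3230 3253
"""

def _port(token):
    """Resolve a numeric or named port and check it is in range."""
    port = NAMED_PORTS.get(token) or int(token)
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {token}")
    return port

def expand(group_text):
    """Return (group name, sorted (proto, port) pairs) for tcp/udp entries."""
    name, ports = None, set()
    for line in group_text.splitlines():
        w = line.split()
        if w[:2] == ["object-group", "service"] and len(w) == 3:
            name = w[2]
        elif w[:1] == ["service-object"]:
            if len(w) == 4 and w[1] in ("tcp", "udp") and w[2] == "eq":
                lo = hi = _port(w[3])
            elif len(w) == 5 and w[1] in ("tcp", "udp") and w[2] == "range":
                lo, hi = _port(w[3]), _port(w[4])
            else:
                raise ValueError(f"unsupported entry: {line.strip()}")
            if lo > hi:
                raise ValueError(f"reversed range: {line.strip()}")
            ports.update((w[1], p) for p in range(lo, hi + 1))
    if name is None:
        raise ValueError("no 'object-group service' header found")
    return name, sorted(ports)

def asa82_config(group_text, mapped_ip, real_ip, peer_ip, acl="outside_in"):
    """Per-port static PAT lines plus one ACL line that reuses the group."""
    name, ports = expand(group_text)
    lines = [f"static (inside,outside) {proto} {mapped_ip} {port} {real_ip} {port} "
             "netmask 255.255.255.255" for proto, port in ports]
    # Source is limited to the remote office (assumed address), not "any".
    lines.append(f"access-list {acl} extended permit object-group {name} "
                 f"host {peer_ip} host {mapped_ip}")
    return lines

if __name__ == "__main__":
    print("\n".join(asa82_config(OBJECT_GROUP, "203.0.113.10", "192.168.1.10", "198.51.100.20")))
```

The ACL line still has to be bound to the outside interface with `access-group`. Limiting its source to the remote office keeps the forwarded ports closed to every other host.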