Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
996
Views
0
Helpful
3
Replies

Port forwards for Polycom camera

Go to solution
poplinl
Level 1
Level 1

‎08-20-2012 01:15 PM - edited ‎03-11-2019 04:44 PM

Hello everyone,

I am trying to set up a Cisco ASA 5510 running 8.2 to allow a connection to a Polycom camera that sits behind it. What I want to do is forward multiple ports to allow a connection from an outside office. The polycom camera uses the following ports:

1720    tcp

3230-3235    tcp

3230-3253    udp

I got these port numbers from the Polycom web site. So what I did was create a service object as follows:

object-group service All-Polycom-ports
 service-object tcp range 3230 3235 
 service-object tcp eq h323 
 service-object udp range 3230 3253

My question is how can I use this service object in a static (inside,outside) command so that I don't have to create multiple commands for the port forwarding. Is this even possible or do I have to sit down and write out around 30 seperate commands to do this. I've been searching the web and it seems a lot of people want to do this but so far I haven't found an answer.

Any help or suggestions would be greatly appreciated and thanks in advance.

P.S. I'm no expert when it comes to the ASA

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to poplinl

‎08-20-2012 04:48 PM

Hello,

They created this because we can use it on the ACL configuration ( just one line instead of a bunch of them)

Why not on the NAT? I do not know but is sounds fair to me that if you want to nat 1550 ports as an example, why don't you nat the whole Ip address instead of just those ports.

Glad I could help,

Mark the question as answered if there is not other question I can answer from you,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎08-20-2012 04:18 PM

Hello,

For NAT on 8.2 you will need to do it one by one ( so it will mean use a static one to one to make it easier)

Now beginning at 8.3 you can start using object-group for services that you could use to perform the nat translation you are looking for.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
poplinl
Level 1
Level 1
In response to Julio Carvajal

‎08-20-2012 04:27 PM

Julio,

Thanks for the reply although that's not what I wanted to hear    

Do you know why they would even allow you to create the service groups in 8.2 if you can't use them with NAT? Seems crazy but it is what it is. Thanks for your help.

Louis

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to poplinl

‎08-20-2012 04:48 PM

Hello,

They created this because we can use it on the ACL configuration ( just one line instead of a bunch of them)

Why not on the NAT? I do not know but is sounds fair to me that if you want to nat 1550 ports as an example, why don't you nat the whole Ip address instead of just those ports.

Glad I could help,

Mark the question as answered if there is not other question I can answer from you,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card