Cisco Support Community

Port translate 2 ports back to the same place?

Using NAT, is it possible to port translate 2 ports, i.e. tcp 80 and tcp 81, back to tcp 80 on 1 IP address?

i.e.

static (inside,outside) tcp interface 80 10.10.10.10 80 netmask 255.255.255.255
static (inside,outside) tcp interface 81 10.10.10.10 80 netmask 255.255.255.255

I understand that it would not be possible with a one-to-one static mapping, but with port translation I assumed it would be no problem.

However, the ASA rejects due to a conflict.

Could someone explain technically the reasons for this?

Thanks.

1 REPLY

Re: Port translate 2 ports back to the same place?

Hi,

The ASA will not allow a mapping of the same internal IP and the same port to different ports.

There's no obvious problem for incoming traffic.

But the reason is the outgoing reply.

When a packet sourced from IP 10.10.10.10 on port 80 gets to the ASA, the ASA will not know whether to translate it to port 81 or leave it with port 80, as both of the above static statements overlap.

Hope it helps.

Federico.
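
The overlap described in the reply can be checked offline before static PAT lines are pasted into an ASA. The following is an added example, not part of the original thread and not Cisco code; it assumes the pre-8.3 `static` syntax used in the question, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Pre-8.3 static PAT syntax, as in the question:
# static (real_ifc,mapped_ifc) tcp|udp <mapped_ip|interface> <mapped_port>
#        <real_ip> <real_port> [netmask <mask>]
STATIC_PAT = re.compile(
    r"^static\s+\((\w+),(\w+)\)\s+(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)"
)

def parse_static_pat(config):
    """Return one dict per static PAT line found in the config text."""
    rules = []
    for line in config.splitlines():
        m = STATIC_PAT.match(line.strip())
        if m:
            real_if, mapped_if, proto, m_ip, m_port, r_ip, r_port = m.groups()
            rules.append({"ifcs": (real_if, mapped_if), "proto": proto,
                          "mapped": (m_ip, m_port), "real": (r_ip, r_port)})
    return rules

def find_reverse_conflicts(rules):
    """Group rules by their real (inside) socket. If one real socket has more
    than one mapped socket, traffic sourced from it has no unique translation.
    Ports are compared as written, so '80' and 'www' count as different."""
    by_real = defaultdict(list)
    for r in rules:
        by_real[(r["ifcs"], r["proto"], r["real"])].append(r["mapped"])
    return {key: mapped for key, mapped in by_real.items()
            if len(set(mapped)) > 1}

# The two statements from the question, plus one constructed line that
# does not conflict with them.
SAMPLE = """\
static (inside,outside) tcp interface 80 10.10.10.10 80 netmask 255.255.255.255
static (inside,outside) tcp interface 81 10.10.10.10 80 netmask 255.255.255.255
static (inside,outside) tcp interface 443 10.10.10.11 443 netmask 255.255.255.255
"""

if __name__ == "__main__":
    conflicts = find_reverse_conflicts(parse_static_pat(SAMPLE))
    for (ifcs, proto, real), mapped in conflicts.items():
        targets = ", ".join(f"{ip}:{port}" for ip, port in mapped)
        print(f"{proto} {real[0]}:{real[1]} ({ifcs[0]}) -> {targets} "
              f"({ifcs[1]}): ambiguous for outgoing replies")
```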
