Cisco Support Community
New Member

The scope of port mapping

I want to map the TCP 999-120 to the public

Internal server is 10.10.3.189

1.1.1.1 is public network address

What should I do?

ASA 5512 IOS 8.6

1 ACCEPTED SOLUTION

Super Bronze

The scope of port mapping

Hi,

Do you mean range TCP/120-999?

Is the example IP 1.1.1.1 configured on your external interface of the ASA?

If so, then the configuration could be

object service TCP120-999
 service tcp source range 120 999
object network HOST
 host 10.10.3.189
nat (inside,outside) source static HOST interface service TCP120-999 TCP120-999

You would also have to add an ACL statement to allow this traffic from the external network. This configuration depends on whether you have an existing ACL or not.

The below presumes you have no existing ACL configured

access-list OUTSIDE-IN remark Allow TCP/120-999
access-list OUTSIDE-IN permit tcp any object HOST range 120 999
access-group OUTSIDE-IN in interface outside

If you have an existing ACL, then just replace the ACL name and add the lines (in this case you don't use the "access-group" command at all)

Let me know if this was what you were looking for

- Jouni
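
An added example, not part of the original thread and not Cisco tooling: a Python check that parses the configuration from the answer above and reports what the NAT and ACL pair exposes (size of the range, whether the ACL range matches the NAT range, whether the source is `any`, and which well-known TCP services fall inside 120-999). The function name `audit` and the list of ports to flag are assumptions of this example.

```python
import re

# Constructed sample: the configuration lines from the answer above.
SAMPLE_CONFIG = """\
object service TCP120-999
 service tcp source range 120 999
object network HOST
 host 10.10.3.189
nat (inside,outside) source static HOST interface service TCP120-999 TCP120-999
access-list OUTSIDE-IN remark Allow TCP/120-999
access-list OUTSIDE-IN permit tcp any object HOST range 120 999
access-group OUTSIDE-IN in interface outside
"""

# IANA-assigned TCP ports worth questioning when reachable from the internet.
# Which ports to flag is this example's choice, not something from the thread.
SENSITIVE_TCP = {135: "epmap", 139: "netbios-ssn", 389: "ldap", 445: "microsoft-ds",
                 512: "exec", 513: "login", 514: "shell", 873: "rsync"}

SVC_RE = re.compile(r"^object service (\S+)\n\s+service tcp source range (\d+) (\d+)$", re.M)
NAT_RE = re.compile(r"^nat \(\S+,\S+\) source static (\S+) interface service (\S+) \S+$", re.M)

def audit(config):
    """Return one finding per static port-forward NAT rule found in the config."""
    ranges = {m[1]: (int(m[2]), int(m[3])) for m in SVC_RE.finditer(config)}
    findings = []
    for nat in NAT_RE.finditer(config):
        host, svc = nat[1], nat[2]
        if svc not in ranges:
            continue  # service object not defined as a TCP source range
        low, high = ranges[svc]
        acl_re = re.compile(r"^access-list \S+ (?:extended )?permit tcp (.+?) object "
                            + re.escape(host) + r" range (\d+) (\d+)$", re.M)
        acls = [(a[1], int(a[2]), int(a[3])) for a in acl_re.finditer(config)]
        findings.append({
            "host": host,
            "nat_range": (low, high),
            "ports_exposed": high - low + 1,
            "acl_matches_nat": any((lo, hi) == (low, high) for _, lo, hi in acls),
            "open_to_any": any(src == "any" for src, _, _ in acls),
            "sensitive": {p: n for p, n in SENSITIVE_TCP.items() if low <= p <= high},
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f)
```

Run against the thread's configuration, it reports 880 ports forwarded to 10.10.3.189 from any source, including the Windows RPC/SMB and r-services ports.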

2 REPLIES
New Member

The scope of port mapping

Thanks
