Here's an example where you need to translate ports 1024-1030, for example, and 25 and 80. The internal host is 192.168.1.1; the external address will be 220.127.116.11.
access-list 101 permit tcp host 192.168.1.1 range 1024 1030 any
access-list 101 permit tcp host 192.168.1.1 eq 25 any
access-list 101 permit tcp host 192.168.1.1 eq 80 any
static (inside,outside) 18.104.22.168 access-list 101
To translate a different inside host to another port with the same external address not previously listed, simply add another ACL entry:
access-list 101 permit tcp host 192.168.1.2 eq 443 any
From here, you can add your normal inbound ACLs to the external interface permitting access to these ports.
Note: you could use object-groups to reduce the size of the ACL.
Alternatively, you could have used port redirection, aka static PAT. IMHO the method above scales better, especially since you needed a range of ports translated, but that's just a personal preference.
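An added example, not part of the original post: one way the inbound ACL mentioned above could look, using an object-group so that only the translated ports are exposed on the mapped address taken from the static line. The names PUBLISHED_TCP and outside_in are hypothetical, and the syntax assumes a pre-8.3 PIX/ASA release, where the inbound ACL references the mapped (external) address.

```cisco
! Added example. PUBLISHED_TCP and outside_in are hypothetical names.
! Assumes pre-8.3 PIX/ASA syntax: the inbound ACL matches the mapped address.
!
! One service group holding every port that access-list 101 translates
object-group service PUBLISHED_TCP tcp
 port-object range 1024 1030
 port-object eq 25
 port-object eq 80
 ! the extra entry for 192.168.1.2 shares the same external address
 port-object eq 443
!
! Permit only those ports to the mapped address; everything else
! falls through to the implicit deny at the end of the ACL
access-list outside_in permit tcp any host 18.104.22.168 object-group PUBLISHED_TCP
access-group outside_in in interface outside
!
! Checks after applying: translation slots in use and per-entry hit counts
show xlate
show access-list outside_in
```

Keep the object-group in step with access-list 101: a port added to one but not the other is either unreachable or permitted with no translation behind it.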