Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Configuration Assistance

Need to know what is the specific command on natting an ip to another ip via a port number.  Here is an example of what I think it should be but can't find the correct verbege.

This what I have listed which opens it up to any IP.

access-list 101 extended permit tcp any host 68.156.91.20 eq 23032

Here is what I would like to see, but I know the verbage is wrong or I am missing something more.

access-list 101 extended permit ip 74.165.236.76  255.255.255.248  68.156.91.20  255.255.255.224 eq 23032

Please assist?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA Configuration Assistance

That is exactly right. Note that when you look at the config it will replace it with this line-

access-list 101 extended permit tcp host 74.165.236.76  host 68.156.91.20 eq 23032

When you write the ACL you can either enter 255.255.255.255 or precede the IP with the keyword host.

7 REPLIES

Re: ASA Configuration Assistance

Oh so close!

access-list 101 extended permit tcp 74.165.236.76  255.255.255.248  68.156.91.20  255.255.255.224 eq 23032

This is just the ACL though and you mentioned NAT. Will you be NATing from one port to another?

New Member

Re: ASA Configuration Assistance

Yeah tried that one, but it didn't work.  It's message.

ERROR: IP address,mask <74.165.236.76,255.255.255.248> doesn't pair

Probably something wrong with the IP's mask?

Re: ASA Configuration Assistance

Yes there is. You need to specify the subnet and not a host in it.

access-list 101 extended permit tcp 74.165.236.72  255.255.255.248  68.156.91.0  255.255.255.224 eq 23032

You can specify just a host too.

New Member

Re: ASA Configuration Assistance

It worked in placing that information in their now.  I just need to be sure the agency can access it.  I have another one as well, trying to determine its subnet host.

You have a useful tool on getting that information faster?

Re: ASA Configuration Assistance

You bet. Here's a link to a free subnet calculator.

http://www.solarwinds.com/products/freetools/free_subnet_calculator.aspx

New Member

Re: ASA Configuration Assistance

One more question Collin, specifiying the subnet was easy.  Now locking it down to a specific IP, is that impossible?  Does the command look something like this?

access-list 101 extended permit tcp 74.165.236.76 255.255.255.255 68.156.91.20 255.255.255.255 eq 23032

Will this work?  Overall this is where I am trying to get to.

Re: ASA Configuration Assistance

That is exactly right. Note that when you look at the config it will replace it with this line-

access-list 101 extended permit tcp host 74.165.236.76  host 68.156.91.20 eq 23032

When you write the ACL you can either enter 255.255.255.255 or precede the IP with the keyword host.

7608
Views
0
Helpful
7
Replies
CreatePlease login to create content