I need to open up the ports for PCAnywhere and use static NAT to let those in, but I only want to permit a certain IP subnet to access those open ports. Is there any way to block access to those ports for anyone but the specified subnet?
You can use an extended access list to deny or permit access to specific ports. Even when you have a static NAT, if the ACL denies the source IP, it will drop the packet. Your solution is to configure an extended ACL and apply it to the interface where the packets are arriving (inbound).
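A configuration sketch of the approach in the answer above, added here as an example and not taken from the thread. It assumes a Cisco IOS router and the PCAnywhere default ports (TCP 5631, UDP 5632); all addresses, the ACL name and the interface name are constructed placeholders.

```cisco
! Constructed placeholder values (not from the thread):
!   192.168.1.10     inside PCAnywhere host (real address)
!   198.51.100.10    public address used in the static NAT
!   203.0.113.0/24   the only subnet allowed to connect
!
! Static NAT that exposes the inside host.
ip nat inside source static 192.168.1.10 198.51.100.10
!
! On IOS an inbound ACL on the outside interface is evaluated BEFORE
! the outside-to-inside translation, so the destination in the ACL is
! the public (global) address, not 192.168.1.10.
ip access-list extended PCANYWHERE-IN
 remark Allow PCAnywhere only from the trusted subnet
 permit tcp 203.0.113.0 0.0.0.255 host 198.51.100.10 eq 5631
 permit udp 203.0.113.0 0.0.0.255 host 198.51.100.10 eq 5632
 remark Drop and log PCAnywhere attempts from every other source
 deny   tcp any host 198.51.100.10 eq 5631 log
 deny   udp any host 198.51.100.10 eq 5632 log
 remark Assumption: leave all other traffic as it was before this ACL.
 remark Replace with your own policy; without a final permit the
 remark implicit "deny ip any any" blocks everything else inbound.
 permit ip any any
!
! Apply inbound on the interface where the packets arrive.
interface GigabitEthernet0/0
 ip nat outside
 ip access-group PCANYWHERE-IN in
```

After applying it, `show access-lists PCANYWHERE-IN` shows per-entry hit counters, which confirms that the permit lines match the trusted subnet and the deny lines are catching everything else.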