Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to translate Port

How do I do this?

Currently I have a Static Nat policy that translates Internal IP 192.168.1.10 -> 144.10.10.15 (external)

I have ACLs permitting users from the outside to allow Port 80 for anyone on this 144.10.10.15

How do I set it up so 144.10.10.15 Port 8080 is translated to 192.168.1.10 Port 80

External ( 144.10.10.15:8080 <-> 192.168.1.10:80 )

Is this possible and how woyuld I do this on ASA5500.

5 REPLIES
New Member

Re: How to translate Port

static (inside,outside) tcp 144.10.10.15 8080 192.168.1.10 www netmask 255.255.255.255

or

static (inside,outside) tcp interface 8080 192.168.1.10 www netmask 255.255.255.255

if 144.10.10.15 is outside interface

New Member

Re: How to translate Port

Thanks for the response but I get an error

ERROR: duplicate of existing static

inside:192.168.1.10 to outside:144.10.10.15 netmask 255.255.255.255

Usage: [no] static [(real_ifc, mapped_ifc)]

{|interface}

{ [netmask ]} | {access-list }

[dns]

[[tcp] [ [ [nailed]]]]

[udp ]

[no] static [(real_ifc, mapped_ifc)] {tcp|udp}

{|interface}

{ [netmask ]} |

{access-list }

[dns]

[[tcp] [ [ [nailed]]]]

[udp ]

show running-config [all] static []

clear configure static

I already have regular static NAT for these addresses and ACLs to allow port 80, smtp, and other ports to this internal IP.

I want to make sure only Port 8080 to changed to Port 80, not the others like smtp, etc.

Any Idea ?

New Member

Re: How to translate Port

Could you post config?

Re: How to translate Port

You can't translate the entire IP and then do a port ranslation with the same address. You'll have to remove the full NAT and add them as port translations even thought they don't really translate. Outside users will lose conenctivity and you might have to 'clear xlate'!

Remove

static (inside,outside) 144.10.10.15 192.168.1.10 netmask 255.255.255.255 0 0

Add

static (inside,outside) tcp 144.10.10.15 www 192.168.1.10 www netmask 255.255.255.255 0 0

Re: How to translate Port

Hi .. you need to remove the one to one static and add a series of port translations if you want to use the same public IP address

no static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255

clear xlate

static (inside,outside) tcp x.x.x.x 80 y.y.y.y 80 netmask 255.255.255.255

static (inside,outside) tcp x.x.x.x 25 y.y.y.y 25 netmask 255.255.255.255

.

.

.

.

.

static (inside,outside) tcp x.x.x.x 8080 y.y.y.y 80 netmask 255.255.255.255

Note: clear xlate will kill and established connections and will forze then to reconnect.

I hope it helsp .. please rate it if it does !!!

200
Views
5
Helpful
5
Replies