
New Member

No NAT for Ports

I have an issue with the NAT engine overriding static statements.

I.e., I want to have statements like:

static (inside,public) udp 9000 9000 netmask 0 0

access-list PF-ACL permit udp any eq 9000 host eq 9000

So that when my client goes outbound or inbound on UDP 9073, its return traffic will be on 9073 (as it is on IPTables using DNAT).

But I also need to use a NAT 1 on for all other port traffic.

Right now the client is on 9073, but it will be PNAT'd instead of using the static statements.


Cisco Employee

Re: No NAT for Ports

The static you mention creates a static translation specifically (and only) for UDP port 9000, not 9073. If you want port 9073 to be statically NAT'd then you'd have to add:

static (inside,public) udp 9073 9073 netmask 0 0

You can't specify a range of ports in a static statement; you'll have to add a specific static command (and an access-list) for each port you want translated. This may be different to how IPTables works, but it IS how the PIX works, no way around it.
