Cisco Support Community
New Member

No NAT for Ports

I have an issue with the NAT engine overriding static statements.

I.e., I want to have statements like:

static (inside,public) udp 6.21.12.18 9000 192.168.1.8 9000 netmask 255.255.255.255 0 0

access-list PF-ACL permit udp any eq 9000 host 192.168.1.8 eq 9000

So that when my client goes outbound or inbound on udp 9073, its return traffic will be on 9073 (as it is on IPTables using DNAT).

But I also need to use a NAT 1 on 192.168.1.0 for all other port traffic.

Right now the client is on 9073 but it will be PNAT'd instead of using the static statements.

-Chris

  • Other Security Subjects
1 REPLY
Cisco Employee

Re: No NAT for Ports

The static you mention creates a static translation specifically (and only) for UDP port 9000, not 9073. If you want port 9073 to be statically NAT'd then you'd have to add:

static (inside,public) udp 6.21.12.18 9073 192.168.1.8 9073 netmask 255.255.255.255 0 0

You can't specify a range of ports in a static statement; you'll have to add a specific static command (and an access-list) for each port you want translated. This may be different to how IPTables works, but it IS how the PIX works, no way around it.
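
Added example, not part of the reply above and not Cisco code: since a static takes no port range, this script expands a port spec into one static line per port, using the command form and addresses quoted in this thread. The function names and the port-spec syntax ("9000-9002,9073") are assumptions made for the example; the matching access-list entry per port still has to be written separately.

```python
# Added example: expand a port spec into one PIX static line per port.
# The command form, interface names and addresses are the ones quoted in the
# thread; expand_ports/static_lines and the spec syntax are hypothetical.

def expand_ports(spec):
    """Turn a spec such as '9000-9002,9073' into a sorted list of unique ports."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo = int(lo)                      # int() raises ValueError on junk
        hi = int(hi) if hi else lo        # a single port is a range of one
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"bad port or range: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def static_lines(spec, public_ip, inside_ip, proto="udp",
                 inside_if="inside", outside_if="public"):
    """Return one static command per port, same port on both sides."""
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    return [
        f"static ({inside_if},{outside_if}) {proto} {public_ip} {port} "
        f"{inside_ip} {port} netmask 255.255.255.255 0 0"
        for port in expand_ports(spec)
    ]


if __name__ == "__main__":
    # The two ports discussed in the thread.
    for line in static_lines("9000,9073", "6.21.12.18", "192.168.1.8"):
        print(line)
```

Overlapping or repeated ports in the spec collapse to a single line each, so the output can be pasted without producing duplicate statics.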
