Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 8.2.1 static nat translation


i want to ask for this:

On ASA version 8.2.1 is configured static translation like this:

static (Inside,Outside) netmask

what is a static 1:1 mapping between Outside and Inside IP.

This translation create mapping from outside to local PC. But it translate for example RDP session port 3389 to port 3389 what is not a very good solution (i can use access-lists to restrict access from outside of course, but is a bit limiting)...

So i want to have "exception" only for one port to map it to other port on this public IP and other use with no change. 

I can do: static (Inside,Outside)  tcp 123456 3389 netmask, but can´t it use together with 1:1 static statement.


Maybe i can use:

global (outside) 2

nat (Inside) 2 access_list PC

access-list PC extended permit ip host any 

and then static (Inside,Outside)  tcp 123456 3389 netmask


But is this a right way how to deal with this problem?


Thank you very much. 

New Member

Why do you need the 1 to 1

Why do you need the 1 to 1 static for that PC if you just want to do port forwarding? Is there some requirement that desktop has a static IP address on the public internet?

If you must keep the 1 to 1, you can pretty easily change the port that PC listens on for remote desktop. That policy NAT example you have might work also.

CreatePlease login to create content