
New Member

ASA 8.2.1 static nat translation

Hello,

I want to ask about this:

On ASA version 8.2.1, a static translation is configured like this:

static (Inside,Outside)  5.5.5.100 192.168.1.5 netmask 255.255.255.255

which is a static 1:1 mapping between the Outside and Inside IP.

This translation creates a mapping from outside to the local PC. But it translates, for example, RDP session port 3389 to port 3389, which is not a very good solution (I can use access-lists to restrict access from outside of course, but that is a bit limiting)...

So I want to have an "exception" only for one port, to map it to another port on this public IP, and use the others with no change.

I can do: static (Inside,Outside)  tcp 5.5.5.100 123456 192.168.1.5 3389 netmask 255.255.255.255, but it can't be used together with the 1:1 static statement.

 

Maybe I can use:

global (outside) 2 5.5.5.100

nat (Inside) 2 access-list PC

access-list PC extended permit ip host 192.168.1.5 any 

and then static (Inside,Outside)  tcp 5.5.5.100 123456 192.168.1.5 3389 netmask 255.255.255.255

 

But is this the right way to deal with this problem?

 

Thank you very much. 

1 REPLY
New Member

Why do you need the 1 to 1 static for that PC if you just want to do port forwarding? Is there some requirement that desktop has a static IP address on the public internet?

If you must keep the 1 to 1, you can pretty easily change the port that PC listens on for remote desktop. That policy NAT example you have might work also.
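
An added example, not written by either poster and not Cisco code: a small Python check that parses pre-8.3 `static` lines like the ones quoted in the question and flags 1:1 mappings that translate every port, port numbers outside the valid range, and a mapped IP that carries both a 1:1 and a port static. The function names and finding codes are hypothetical.

```python
import re

def parse_static(line):
    """Parse one pre-8.3 'static' line; return a dict, or None if it is not one."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0].lower() != "static":
        return None
    ifaces = re.fullmatch(r"\(([^,()]+),([^,()]+)\)", tokens[1])
    if not ifaces:
        return None
    rest = tokens[2:]
    if rest[0].lower() in ("tcp", "udp"):          # port (PAT) form
        if len(rest) < 5:
            return None
        return {"kind": "port", "mapped_if": ifaces.group(2), "proto": rest[0].lower(),
                "mapped_ip": rest[1], "mapped_port": rest[2],
                "real_ip": rest[3], "real_port": rest[4]}
    return {"kind": "one-to-one", "mapped_if": ifaces.group(2),
            "mapped_ip": rest[0], "real_ip": rest[1]}

def audit(config_text):
    """Return a list of (code, message) findings for the static NAT lines."""
    rules = [r for r in map(parse_static, config_text.splitlines()) if r]
    full = {r["mapped_ip"] for r in rules if r["kind"] == "one-to-one"}
    findings = []
    for r in rules:
        if r["kind"] == "one-to-one":
            findings.append(("ALL_PORTS", f"{r['mapped_ip']} -> {r['real_ip']}: every port is "
                             f"translated; only the ACL on {r['mapped_if']} limits exposure"))
            continue
        for field in ("mapped_port", "real_port"):
            port = r[field]
            # Non-numeric values (port names) are not range-checked here.
            if port.isdigit() and not 1 <= int(port) <= 65535:
                findings.append(("BAD_PORT", f"{field} {port} is outside 1-65535"))
        if r["mapped_ip"] in full:
            findings.append(("OVERLAP", f"{r['mapped_ip']} has both a 1:1 static and a "
                             f"{r['proto']}/{r['mapped_port']} port static"))
    return findings

# Sample input: the two static statements quoted in the question above.
SAMPLE = """\
static (Inside,Outside)  5.5.5.100 192.168.1.5 netmask 255.255.255.255
static (Inside,Outside)  tcp 5.5.5.100 123456 192.168.1.5 3389 netmask 255.255.255.255
"""

if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(code, message)
```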
