ASA 5505: NAT/PAT question


I finally got round to reconfiguring my Cisco ASA 5505 so that it has a proper internal LAN and uses PAT/NAT on the outside.

I am getting this working, but have trouble with one specific scenario:

- I want all traffic coming from to the outside to be represented on the outside as xx.xx.xx.212.

- I will be opening up ports to the xx.xx.xx.212 IP address without using port redirection.

- I wish to open up port 53 on the outside IP address to a DNS server on the inside, however, on the inside, we are running the DNS service on port 5353.

I tried the following commands:

static (inside,outside) tcp xx.xx.xx.212 domain 5353 netmask
static (inside,outside) udp xx.xx.xx.212 domain 5353 netmask
static (inside,outside) xx.xx.xx.212 netmask

However, when I entered the third command, I got an error that the command would override the scope of the preceding two commands.

If I were to do static NAT statements for every port that I wanted to map on the inside, then I am not sure whether connections that were going from a non-mapped port would be NATed to the outside address, so is there any other way of doing this? I was wondering whether policy NAT would work? If using this, would I do something like this:

static (inside,outside) xx.xx.xx.212 access-list server_nat

access-list server_nat extended permit tcp host 5353
access-list server_nat extended permit udp host 5353
access-list server_nat extended permit ip host any

However, I wanted to check with someone before doing this, in case it was going to mess something else up.

Would this be a better way of doing this?

Thanks. Andrew.

Andrew Hodgson
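The following is an added illustration, not part of the post and not a confirmed answer from the thread, of how pre-8.3 ASA syntax lets per-port static PAT entries for the DNS host sit beside a dynamic PAT rule that covers the rest of the inside traffic, instead of a whole-address static NAT for xx.xx.xx.212 (which is the entry that collides with them). The inside network 192.168.1.0/24, the DNS host 192.168.1.10 and the ASA version are assumptions.

```cisco
! Added example in pre-8.3 ASA syntax (assumed); inside addresses are placeholders.
! Inbound: outside port 53 (domain) on xx.xx.xx.212 -> inside DNS host on 5353.
! One static PAT entry per protocol, and no whole-address static for .212.
static (inside,outside) tcp xx.xx.xx.212 domain 192.168.1.10 5353 netmask 255.255.255.255
static (inside,outside) udp xx.xx.xx.212 domain 192.168.1.10 5353 netmask 255.255.255.255

! Any other published service: same port in and out, still one line per port.
static (inside,outside) tcp xx.xx.xx.212 www 192.168.1.10 www netmask 255.255.255.255

! Outbound: everything else from the inside network is PATed to xx.xx.xx.212.
! If .212 is the outside interface address, "global (outside) 1 interface" also works.
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 xx.xx.xx.212

! Inbound traffic still needs an ACL on the outside interface; in pre-8.3
! the ACL matches the translated (outside) address and port, and it is kept
! to the one host and the one service that is actually published.
access-list outside_in extended permit tcp any host xx.xx.xx.212 eq domain
access-list outside_in extended permit udp any host xx.xx.xx.212 eq domain
access-group outside_in in interface outside
```

Checking the result with "show xlate" after a test lookup should show the outside 53 to inside 5353 translation for the DNS host and ordinary PAT xlates for other inside hosts.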