Since I think you asked in an earlier post, you have to set the netmask on the host you're translating to 255.255.255.255 because you are defining a host, not a network or subnet.
It will probably already show up with the correct PAT setup on each if you edit your existing rules in ASDM. Original Port: 3389 Translated Port: 3389ĭo the same for Kaiya, but set the translated port to 3390. To do this, set your static NAT (with PAT) entries for these two hosts to: The global IP address of Kaiya and Mutha should both be your outside IP address.
On your NAT config for Kaiya and Mutha, you're doing a NAT with 0.0.0.0 as the global IP address. I assume you meant to allow only port 3390 there? Might want to put in the specific port number. On your security policy, you're allowing ALL tcp ports inbound to Kaiya. Snmp-server enable traps snmp authentication linkup linkdown coldstartĭhcpd address 192.168.1.2-192.168.1.129 inside Static (inside,outside) tcp 0.0.0.0 3389 Mutha 3389 netmask 255.255.255.255Īccess-group outside_access_in in interface outside Icmp unreachable rate-limit 1 burst-size 1 Object-group service MuthaPortForward tcpĪccess-list outside_access_in extended permit tcp any host KaiyaĪccess-list outside_access_in extended permit tcp any object-group MuthaPortForward host Mutha object-group MuthaPortForward Create a NAT rule from your inside IP to your outside IP or interface and check the "Enable port address translation (PAT)" checkbox and put in the port numbers you want to translate (original and translated will usually be the same).Īfter doing so, just go to your security policy for your outside interface and create a rule that allows traffic from host "any" to your outside IP address on the tcp or udp ports you want to allow incoming.Īs long as you've got the NAT (with PAT if necessary) set up properly, the access-list entry should allow the traffic in on the outside interface, and the NAT/PAT will redirect those ports to the correct internal IP address on the correct port. If you only have a single global IP address (such as on a cable/DSL Internet connection) and multiple inside IP devices, then you'll probably need to create a NAT with a PAT rule on it. If all you're trying to do is allow a couple of incoming ports from the outside, then go to your NAT section in the ASDM and make sure the inside device has an explicit NAT to your outside IP or interface.
0 kommentar(er)
