Hi Ryan,
I am afraid the best I could come up with is a many_to_one_port translation
[1] sort of. I am sort sure what you are trying to do is achievable easily.
Only if Cisco could utilize object groups for NAT ;-) (which they don't, at
least today!).
[1] http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_staticpat.html#wp1081521
Your NAT solution seems like the best option.
Sadiq
On Mon, Jun 6, 2011 at 5:55 PM, Ryan West <rwest_at_zyedge.com> wrote:
> Here's one for the security guys out there. I have a need to translate a
> range of addresses for a PAT that was done at the outside interface level,
> i.e. static (inside,outside) tcp x.x.x.x 443 x.x.x.x 443. That works fine,
> but now that the work is complete, it turns out the server needs a range of
> ports (8001 total) to be translated to the internal host. In a perfect world,
> I would move this to a 1:1 NAT and be done with it, but I want to see if this
> is possible first. If this configuration is possible with an ACL, please
> provide an example.
>
> Thanks!
>
> -ryan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
CCIEx2 (R&S|Sec) #19963

Received on Mon Jun 06 2011 - 19:36:49 ART
This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:27 ART