[IT Technology Sharing] How to configure port mapping and PAT for Cisco firewall ASA8.4 or higher IOS

Topology:


Experiment goal: map R1's telnet service (port 23) to port 12345 of ASA1's external network port G0, so that the external network can access it; configure PAT so that the internal network can access the public network.

Configuration:

1. Basic configuration:

R1 :

#int f0/0

#ip add 192.168.10.1 255.255.255.0

#no sh

#no ip routing

#ip default-gateway 192.168.10.254

#line vty 0 4

#password cisco

#login

#enable password cisco

ASA1:

#int g0

#nameif outside

#ip add 202.100.1.1 255.255.255.0

#no sh

#int g1

#nameif inside

#ip add 192.168.10.254 255.255.255.0

#no sh

2. Configure the mapping of R1's telnet service (port 23) on ASA1:

ASA1:

#object network outside_telnet_inside ----- Create a network object named "outside_telnet_inside"

#host 192.168.10.1 ----- Define the address of the network object; it can also be a network segment

#nat (inside,outside) static interface service tcp 23 12345 ----- Map port 23 of the defined address to port 12345 of the outside interface. Note that the "static" parameter is not displayed when you type "?", but it can be completed with TAB.

#access-list 100 permit tcp any host 192.168.10.1 eq 23 ----- Write an ACL that allows the external network to access port 23 of the specific internal address. Note that, unlike older IOS versions, the address permitted here is not the outside interface address but the real internal address being mapped.

#access-group 100 in interface outside ----- Apply the ACL to the outside interface

3. Configure PAT on ASA1 so that the internal network can access the Internet:

#object network Inside

#subnet 192.168.10.0 255.255.255.0

#nat (inside,outside) dynamic interface ----- Perform PAT for the internal segment 192.168.10.0/24. Note that, like "static", "dynamic" is not displayed when you type "?", but it can be completed with TAB.

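The ACL note in step 2 is the part most often gotten wrong when carrying over an older configuration, so here is a small checker for it. This is an added example, not part of the original post: it parses an ASA configuration and confirms that the ACL bound inbound to the mapped interface permits the real address and real port. The function names and the extra access-list 101 line (a legacy-style rule on the mapped port) are constructed for illustration.

```python
import re

# Constructed sample: the step 2 configuration from this page, plus one
# legacy-style ACL line (mapped port 12345) added here for contrast.
SAMPLE_CONFIG = """\
object network outside_telnet_inside
 host 192.168.10.1
 nat (inside,outside) static interface service tcp 23 12345
access-list 100 permit tcp any host 192.168.10.1 eq 23
access-list 101 permit tcp any host 202.100.1.1 eq 12345
access-group 100 in interface outside
"""

NAT_RE = re.compile(r"nat \((\w+),(\w+)\) static interface service (tcp|udp) (\d+) (\d+)")
ACL_RE = re.compile(r"access-list (\S+) permit (tcp|udp) any host (\S+) eq (\d+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")

def parse_port_maps(config):
    """Return object-NAT static port mappings with the object's real host filled in."""
    maps, host = [], None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("object network "):
            host = None                      # new object: forget the previous host
        elif line.startswith("host "):
            host = line.split()[1]
        elif (m := NAT_RE.match(line)) and host:
            maps.append({"real_ip": host, "mapped_if": m[2], "proto": m[3],
                         "real_port": m[4], "mapped_port": m[5]})
    return maps

def audit(config):
    """For each mapping, check that the ACL applied inbound on the mapped
    interface permits the real address and real port, as step 2 notes."""
    lines = config.splitlines()
    acls = [m.groups() for m in map(ACL_RE.match, lines) if m]
    bound = {m[2]: m[1] for m in map(GROUP_RE.match, lines) if m}
    results = []
    for pm in parse_port_maps(config):
        acl = bound.get(pm["mapped_if"])
        ok = (acl, pm["proto"], pm["real_ip"], pm["real_port"]) in acls
        # ACLs written against the mapped port never match the translated traffic
        stale = [a[0] for a in acls if a[3] == pm["mapped_port"]]
        results.append({"acl": acl, "reachable": ok, "mapped_port_acls": stale, **pm})
    return results

if __name__ == "__main__":
    for r in audit(SAMPLE_CONFIG):
        print(r)
```
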
Verification:
PAT:
On R1:

Port Mapping:

On the Internet:

Origin blog.51cto.com/14966105/2542733