NATs, PATs, and ACLs - which do I need?

I have some devices (RFID Readers) on their own subnet inside my private network that need to be able to communicate with an outside company on a specific UDP port and another specific TCP port. I am trying to configure this on my firewall using ASDM.
I have created ACLs that I think are correct for allowing the ports to communicate on the subnet.
Using ASDM, I have tried to create a Dynamic NAT using a pool of addresses, which didn’t work. So, I tried making a PAT, which didn’t work.
I’m used to making Static NATs.
I’m getting confused because I want to use a handful of addresses on a particular subnet.

Hello Mark

It depends on what you want to ultimately achieve. Do you want external services to access the RFID readers from the outside? Do you have a single external IP address to work with or more? If you only have one external IP address, and you want all internal RFID readers to access the external server using the same port, then PAT won’t work for you, since you can’t map all internal devices to a single external device with the same port.

I suggest you take a look at the ASA section of the site, and look under Unit 2: NAT/PAT which contains all of the related functionalities.

Look for the situation that best suits your needs. If you have any further, more detailed questions, please feel free to share.

I hope this has been helpful!

Laz


I looked at the lessons, and I discovered I needed an ACL going in the opposite direction.
