topic Re: Cisco Asa : Opening Port 80,443 but limit it to specific Public IP's in Network Security https://community.cisco.com/t5/network-security/cisco-asa-opening-port-80-443-but-limit-it-to-specific-public-ip/m-p/4146657#M1073604 <P>You need ACL and NAT here - since we do not know your exiting config&nbsp;</P> <P>&nbsp;</P> <P>the high level here is config -</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>NAT</P> <P>object network HTTP_IN<BR />host 10.10.10.10<BR />nat (inside,outside) static 234.56.78.x service tcp 80 80<BR />!<BR />object network HTTPS_IN<BR />host 10.10.10.10<BR />nat (inside,outside) static 234.56.78.x service tcp 443 443<BR />!</P> <P>&nbsp;</P> <P>ACL to Permit</P> <P>access-list Out2In permit tcp any host 10.10.10.10 eq 80<BR />access-list Out2In permit tcp any host 10.10.10.10 eq 443<BR />!<BR />access-group Out2In in interface outside</P> <P>&nbsp;</P> <P>Test and advise</P> Fri, 04 Sep 2020 20:29:54 GMT balaji.bandi 2020-09-04T20:29:54Z Cisco Asa : Opening Port 80,443 but limit it to specific Public IP's https://community.cisco.com/t5/network-security/cisco-asa-opening-port-80-443-but-limit-it-to-specific-public-ip/m-p/4146646#M1073603 <P>Hello Experst&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/286878">@balaji.bandi</a>&nbsp;&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326046">@Marvin Rhoads</a>&nbsp;</P><P>&nbsp;</P><P>private IP: 10.10.10.10</P><P>Public IP: 234.56.78.x</P><P>&nbsp;</P><P>I want to map Private IP to Public IP for Port 80 and 443 but need to limit to specific Public IPs. Please help me accomplishing that.&nbsp;</P><P>&nbsp;</P><P>Thanks,</P> Fri, 04 Sep 2020 20:12:04 GMT https://community.cisco.com/t5/network-security/cisco-asa-opening-port-80-443-but-limit-it-to-specific-public-ip/m-p/4146646#M1073603 LovejitSingh1313 2020-09-04T20:12:04Z Re: Cisco Asa : Opening Port 80,443 but limit it to specific Public IP's https://community.cisco.com/t5/network-security/cisco-asa-opening-port-80-443-but-limit-it-to-specific-public-ip/m-p/4146657#M1073604 <P>You need ACL and NAT here - since we do not know your exiting config&nbsp;</P> <P>&nbsp;</P> <P>the high level here is config -</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>NAT</P> <P>object network HTTP_IN<BR />host 10.10.10.10<BR />nat (inside,outside) static 234.56.78.x service tcp 80 80<BR />!<BR />object network HTTPS_IN<BR />host 10.10.10.10<BR />nat (inside,outside) static 234.56.78.x service tcp 443 443<BR />!</P> <P>&nbsp;</P> <P>ACL to Permit</P> <P>access-list Out2In permit tcp any host 10.10.10.10 eq 80<BR />access-list Out2In permit tcp any host 10.10.10.10 eq 443<BR />!<BR />access-group Out2In in interface outside</P> <P>&nbsp;</P> <P>Test and advise</P> Fri, 04 Sep 2020 20:29:54 GMT https://community.cisco.com/t5/network-security/cisco-asa-opening-port-80-443-but-limit-it-to-specific-public-ip/m-p/4146657#M1073604 balaji.bandi 2020-09-04T20:29:54Z Re: Cisco Asa : Opening Port 80,443 but limit it to specific Public IP's https://community.cisco.com/t5/network-security/cisco-asa-opening-port-80-443-but-limit-it-to-specific-public-ip/m-p/4148038#M1073697 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/286878">@balaji.bandi</a>&nbsp;&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;</P><P>&nbsp;</P><P>Its running on 8.2 Version and i think this OS needs bit different commands. Any help will be appreciated.</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 08 Sep 2020 20:22:29 GMT https://community.cisco.com/t5/network-security/cisco-asa-opening-port-80-443-but-limit-it-to-specific-public-ip/m-p/4148038#M1073697 LovejitSingh1313 2020-09-08T20:22:29Z Re: Cisco Asa : Opening Port 80,443 but limit it to specific Public IP's https://community.cisco.com/t5/network-security/cisco-asa-opening-port-80-443-but-limit-it-to-specific-public-ip/m-p/4148079#M1073700 <P>you can try below syntax (8.2 is too old used may be 8+years back).</P> <P>&nbsp;</P> <P>static (inside,outside) tcp 234.56.78.x www 10.10.10.10 www netmask 255.255.255.255<BR />static (inside,outside) tcp 234.56.78.x https 10.10.10.10 https netmask 255.255.255.255</P> <P>or</P> <P>static (inside,outside) tcp 234.56.78.x 80 10.10.10.10 80<BR />static (inside,outside) tcp 234.56.78.x 443 10.10.10.10 443</P> <P><BR />ACL</P> <P>access-list Out_IN permit tcp any host 234.56.78.x eq 480<BR />access-list Out_IN permit tcp any host 234.56.78.x eq 443</P> Tue, 08 Sep 2020 22:09:44 GMT https://community.cisco.com/t5/network-security/cisco-asa-opening-port-80-443-but-limit-it-to-specific-public-ip/m-p/4148079#M1073700 balaji.bandi 2020-09-08T22:09:44Z