https://community.cisco.com/t5/network-security/asa5505-configuration-question/m-p/2102271#M394685 <HTML><HEAD></HEAD><BODY><P>Duplicate question.</P><P><A class="jive-link-external-small" href="https://community.cisco.com/message/3800074#3800074">https://supportforums.cisco.com/message/3800074#3800074</A></P><P></P><P>Thanks</P></BODY></HTML> Thu, 06 Dec 2012 16:11:57 GMT jurodri3 2012-12-06T16:11:57Z https://community.cisco.com/t5/network-security/asa5505-configuration-question/m-p/2102270#M394678 <P>I have a block of 5 IPs from my ISP. I have given one to the outside interface of my firewall and need to forward ports from the other IPs through the firewall to internal IPs.</P><P></P><P>I have created ACL and NAT rules for this but an unable to get it to work correctly.</P><P></P><P>Strange thing is, I currently have 3 separate physical networks with cisco 800 routers each with a connection to the internet on the same ISP subnet. (the ASA will eventually be used to replace this setup). I am able to access the servers on the ports I forward though the firewall from each of these other networks but not from anywhere else on the internet.</P><P></P><P>I must be missing something here. </P><P></P><P>Here is are the relevant pieces of my config:</P><P></P><P>interface Vlan1</P><P> nameif inside</P><P> security-level 100</P><P> ip address 10.86.20.1 255.255.255.0</P><P>!</P><P>interface Vlan2</P><P> nameif outside</P><P> security-level 0</P><P> ip address x.x.x.85 255.255.255.0</P><P>!</P><P></P><P>access-list outside_access extended permit tcp any host x.x.x.83 eq 15000</P><P>access-list outside_access extended permit tcp any host x.x.x.83 eq 15001</P><P>access-list outside_access extended permit tcp any host x.x.x.83 eq 10000</P><P>access-list outside_access extended permit tcp any host x.x.x.83 eq https</P><P>access-list outside_access extended permit tcp any host x.x.x.83 eq www</P><P>access-list outside_access extended permit tcp any host x.x.x.83 eq ssh</P><P>access-list outside_access extended permit tcp any host x.x.x.83 eq ftp</P><P>!</P><P>global (outside) 1 interface</P><P>nat (inside) 1 0.0.0.0 0.0.0.0</P><P>static (inside,outside) tcp x.x.x.83 10000 10.86.20.20 10000 netmask 255.255.255.255</P><P>static (inside,outside) tcp x.x.x.83 ssh 10.86.20.20 ssh netmask 255.255.255.255</P><P>static (inside,outside) tcp x.x.x.83 https 10.86.20.20 https netmask 255.255.255.255</P><P>static (inside,outside) tcp x.x.x.83 www 10.86.20.20 www netmask 255.255.255.255</P><P>static (inside,outside) tcp x.x.x.83 ftp 10.86.20.50 ftp netmask 255.255.255.255</P><P>static (inside,outside) tcp x.x.x.83 15001 10.86.20.50 15001 netmask 255.255.255.255</P><P>static (inside,outside) tcp x.x.x.83 15000 10.86.20.50 15000 netmask 255.255.255.255</P><P>access-group outside_access in interface outside</P><P>route outside 0.0.0.0 0.0.0.0 x.x.x.1 1</P> Tue, 12 Mar 2019 00:32:55 GMT https://community.cisco.com/t5/network-security/asa5505-configuration-question/m-p/2102270#M394678 Lucas Kane 2019-03-12T00:32:55Z https://community.cisco.com/t5/network-security/asa5505-configuration-question/m-p/2102271#M394685 <HTML><HEAD></HEAD><BODY><P>Duplicate question.</P><P><A class="jive-link-external-small" href="https://community.cisco.com/message/3800074#3800074">https://supportforums.cisco.com/message/3800074#3800074</A></P><P></P><P>Thanks</P></BODY></HTML> Thu, 06 Dec 2012 16:11:57 GMT https://community.cisco.com/t5/network-security/asa5505-configuration-question/m-p/2102271#M394685 jurodri3 2012-12-06T16:11:57Z