https://community.cisco.com/t5/network-security/port-forwarding-help/m-p/1703829#M556465 <P>Hi</P><P>I have a couple of ASA 5505's which work fine for what they are doing VPN and all that - we have 1 DLINK DFR-700 Firewall left and I need to get a new ASA to replace this since it is old.</P><P></P><P>All this box really does is port forward external clients to 1 address on the internal lan for client software updates.</P><P></P><P>So my question is since I have never really done this is does anybody have any example configs</P><P></P><P>So lets say we have client a with IP 1.1.1.1 and client b has 2.2.2.2 - at the moment this is what happens client a and b come in through http and get mapped to the internal http server 10.10.1.2</P><P></P><P>So I need to setup about 100 clients which can come in through http only - get mapped to the internal IP and also keeping the internal server to be able to access anything outside.</P><P></P><P>Make sense?</P><P>Any help would be great - thanks</P> Mon, 11 Mar 2019 20:29:48 GMT andrewgarlick 2019-03-11T20:29:48Z https://community.cisco.com/t5/network-security/port-forwarding-help/m-p/1703829#M556465 <P>Hi</P><P>I have a couple of ASA 5505's which work fine for what they are doing VPN and all that - we have 1 DLINK DFR-700 Firewall left and I need to get a new ASA to replace this since it is old.</P><P></P><P>All this box really does is port forward external clients to 1 address on the internal lan for client software updates.</P><P></P><P>So my question is since I have never really done this is does anybody have any example configs</P><P></P><P>So lets say we have client a with IP 1.1.1.1 and client b has 2.2.2.2 - at the moment this is what happens client a and b come in through http and get mapped to the internal http server 10.10.1.2</P><P></P><P>So I need to setup about 100 clients which can come in through http only - get mapped to the internal IP and also keeping the internal server to be able to access anything outside.</P><P></P><P>Make sense?</P><P>Any help would be great - thanks</P> Mon, 11 Mar 2019 20:29:48 GMT https://community.cisco.com/t5/network-security/port-forwarding-help/m-p/1703829#M556465 andrewgarlick 2019-03-11T20:29:48Z https://community.cisco.com/t5/network-security/port-forwarding-help/m-p/1703830#M556467 <HTML><HEAD></HEAD><BODY><P>Hi Andrew,</P><P></P><P>If I understand you configuration correctly, you've got close to about 100 clients on the outside, which needs to be connected to your internal http server, so I assume your network topology is something like this:</P><P></P><P>outside----------ASA-------------inside</P><P>(clients)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (server)</P><P></P><P>Now to publish this particulatr server to the outside world , you would need to map it to a public ip address, lets say 100.100.100.100</P><P><BR />and if you do not have a free IP address, you can use static port forwarding (which would only use a single potrt, instead of the whole IP address).</P><P></P><P>static (inside,outside) tcp 100.100.100.100 443 10..10.10.10.10 443</P><P></P><P>Along with that you would need to allow access to clients by applying an access-list on the outside interface.</P><P></P><P>access-list outside_access extended permit tcp ho 1.1.1.1 ho 100.100.100.100</P><P>access-group outsidfe_access in interface outside</P><P></P><P>To give access to the internal users for the internet, you need the following rules:</P><P></P><P>nat (inside) 1 0 0</P><P>global (outside) 1 interface</P><P></P><P>The complete internal users would be patted to your outside interafce of the ASA.</P><P></P><P>Here is a document for ASA NAT/PAT:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml</A></P><P></P><P>Let me know if this was wat you were looking out for.</P><P></P><P>Regards,</P><P>Varun Rao</P></BODY></HTML> Thu, 05 May 2011 18:28:38 GMT https://community.cisco.com/t5/network-security/port-forwarding-help/m-p/1703830#M556467 varrao 2011-05-05T18:28:38Z