https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228284#M859715 <P>Hi,</P><P></P><P>I have a situation where I have a single NAT'ed server that needs ports http, https and a port redirection from 8080 to https done from the Internet into our DMZ. Currently, I have a regular static and ACL that allows http and https traffic. The port redirection piece is the question here because the only way I know how to do this is with a static statement. I already have one static for the http and https traffic so I can't add another for the redirection part.</P><P></P><P>Is there another way to do port redirection without using statics?</P><P></P><P>Thanks in advance.</P> Mon, 11 Mar 2019 15:34:13 GMT mike-greene 2019-03-11T15:34:13Z https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228284#M859715 <P>Hi,</P><P></P><P>I have a situation where I have a single NAT'ed server that needs ports http, https and a port redirection from 8080 to https done from the Internet into our DMZ. Currently, I have a regular static and ACL that allows http and https traffic. The port redirection piece is the question here because the only way I know how to do this is with a static statement. I already have one static for the http and https traffic so I can't add another for the redirection part.</P><P></P><P>Is there another way to do port redirection without using statics?</P><P></P><P>Thanks in advance.</P> Mon, 11 Mar 2019 15:34:13 GMT https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228284#M859715 mike-greene 2019-03-11T15:34:13Z https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228285#M859716 <HTML><HEAD></HEAD><BODY><P>hi mike,</P><P></P><P>your question is not very much clear.</P><P>hope the below commnand will help you to resolve your issue.</P><P></P><P>(config)# static (inside,outside) tcp interface or publicip www 192.168.10.10 www netmask 255.255.255.255</P><P>(config)# static (inside,outside) tcp interface or publicip https 192.168.10.10 https netmask 255.255.255.255</P><P>(config)# static (inside,outside) tcp interface or publicip 8080 192.168.10.20 https netmask 255.255.255.255</P><P></P><P>rgrds</P><P>Naveen</P></BODY></HTML> Wed, 20 May 2009 06:17:32 GMT https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228285#M859716 CSCO10905906 2009-05-20T06:17:32Z https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228286#M859717 <HTML><HEAD></HEAD><BODY><P>Thanks Naveen,</P><P></P><P>Thanks for the reply. I need the config to look like this..</P><P></P><P>static (dmz,outside) tcp 125.x.x.34 www 192.x.x.34 www netmask 255.255.255.255</P><P>static (dmz,outside) tcp 125.x.x.34 https 192.x.x.34 https netmask 255.255.255.255</P><P>static (dmz,outside) tcp 125.x.x.34 8888 192.x.x.34 https netmask 255.255.255.255</P><P></P><P>The last static gives me an duplicate error because the static above it allows https already I'm assuming.</P><P></P><P>Thanks.</P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P></P></BODY></HTML> Wed, 20 May 2009 13:17:10 GMT https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228286#M859717 mike-greene 2009-05-20T13:17:10Z https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228287#M859718 <HTML><HEAD></HEAD><BODY><P>Unfortunately it is a dup static entry for https doing it that way using same local host</P><P>unless you assign a secondary IP address on the server - 192.x.x.35 as second IP.</P><P></P><P>But probably best way is to workaround it by using policy NAT.</P><P></P><P>doing it with secondary server IP eg.. 192.x.x.35 would be as:</P><P></P><P>static (dmz,outside) tcp 125.x.x.34 https 192.x.x.34 https netmask 255.255.255.255 </P><P>static (dmz,outside) tcp 125.x.x.34 8888 192.x.x.35 https netmask 255.255.255.255 </P><P></P><P>Doing it with policy NAT - no need for secondary IP address on server but using same 192.x.x.34 address.</P><P></P><P></P><P>access-list policy_nat1 permit tcp host 192.x.x.34 eq https any</P><P>access-list policy_nat2 permit tcp host 192.x.x.34 eq https any</P><P></P><P>static (dmz,outside) tcp 125.x.x.34 https access-list policy_nat1</P><P>static (dmz,outside) tcp 125.x.x.34 8888 access-list policy_nat2</P><P></P><P></P><P>Regards</P><P></P></BODY></HTML> Wed, 20 May 2009 18:49:56 GMT https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228287#M859718 JORGE RODRIGUEZ 2009-05-20T18:49:56Z https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228288#M859719 <HTML><HEAD></HEAD><BODY><P>Thanks!!</P><P></P><P>We found out that the server did not need redirection but thanks for the solution for future use.</P><P></P><P>Thanks Again.</P></BODY></HTML> Thu, 21 May 2009 13:56:22 GMT https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228288#M859719 mike-greene 2009-05-21T13:56:22Z https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228289#M859720 <HTML><HEAD></HEAD><BODY><P>You're welcome Mike, thanks for rating.</P><P></P><P>Regards</P></BODY></HTML> Thu, 21 May 2009 22:40:53 GMT https://community.cisco.com/t5/network-security/port-redirection-and-nat/m-p/1228289#M859720 JORGE RODRIGUEZ 2009-05-21T22:40:53Z