cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


751
Views
0
Helpful
3
Replies
Highlighted
Beginner

ASA 5505 configuration help

Hello,  I need to update the configuration of an ASA 5505 running version 7.2(4)

Currently we have three external IP addresses pointing to three internal  servers as static routes (actual IP's have been changed):

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 1.2.3.33 192.168.1.11 netmask 255.255.255.255

static (inside,outside) 1.2.3.34 192.168.1.12 netmask 255.255.255.255

static (inside,outside) 1.2.3.35 192.168.1.13 netmask 255.255.255.255

I need to be able to use each of those external IP addresses with port  3390 to connect to a different IP than what is in the static route, ie:

Outside 1.2.3.33:3390 connects to Inside 192.168.1.101:3389

Outside 1.2.3.34:3390 connects to Inside 192.168.1.102:3389

Outside 1.2.3.35:3390 connects to Inside 192.168.1.103:3389

I can easily add the access-list, but I have a feeling the static routes are causing my issues.

access-list acl_out extended permit tcp any host 1.2.3.33 eq 3390

access-list acl_out extended permit tcp any host 1.2.3.34 eq 3390

access-list acl_out extended permit tcp any host 1.2.3.35 eq 3390

Please advise!

Thanks in advance,

Todd

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Rising star

ASA 5505 configuration help

static (inside,outside) tcp 1.2.3.33 3390 192.168.1.101 3389 netmask 255.255.255.255                       .

static (inside,outside) tcp 1.2.3.34 3390 192.168.1.102 3389 netmask 255.255.255.255                                 

static (inside,outside) tcp 1.2.3.35 3390 192.168.1.103 3389 netmask 255.255.255.255

This should do it.

Thanks

Ajay                          

3 REPLIES 3
Rising star

ASA 5505 configuration help

static (inside,outside) tcp 1.2.3.33 3390 192.168.1.101 3389 netmask 255.255.255.255                       .

static (inside,outside) tcp 1.2.3.34 3390 192.168.1.102 3389 netmask 255.255.255.255                                 

static (inside,outside) tcp 1.2.3.35 3390 192.168.1.103 3389 netmask 255.255.255.255

This should do it.

Thanks

Ajay                          

Beginner

ASA 5505 configuration help

Thanks Ajay,

I had to remove the origonal static NAT's and add in what we needed for specific port redirections, but it worked.

Now that I've thought about it longer, it's starting to make sense!

Thanks for the help!

Todd

Rising star

ASA 5505 configuration help

Good to hear that