cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
997
Views
0
Helpful
3
Replies

ASA 5505 configuration help

toddelrick
Level 1
Level 1

Hello,  I need to update the configuration of an ASA 5505 running version 7.2(4)

Currently we have three external IP addresses pointing to three internal  servers as static routes (actual IP's have been changed):

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 1.2.3.33 192.168.1.11 netmask 255.255.255.255

static (inside,outside) 1.2.3.34 192.168.1.12 netmask 255.255.255.255

static (inside,outside) 1.2.3.35 192.168.1.13 netmask 255.255.255.255

I need to be able to use each of those external IP addresses with port  3390 to connect to a different IP than what is in the static route, ie:

Outside 1.2.3.33:3390 connects to Inside 192.168.1.101:3389

Outside 1.2.3.34:3390 connects to Inside 192.168.1.102:3389

Outside 1.2.3.35:3390 connects to Inside 192.168.1.103:3389

I can easily add the access-list, but I have a feeling the static routes are causing my issues.

access-list acl_out extended permit tcp any host 1.2.3.33 eq 3390

access-list acl_out extended permit tcp any host 1.2.3.34 eq 3390

access-list acl_out extended permit tcp any host 1.2.3.35 eq 3390

Please advise!

Thanks in advance,

Todd

1 Accepted Solution

Accepted Solutions

ajay chauhan
Level 7
Level 7

static (inside,outside) tcp 1.2.3.33 3390 192.168.1.101 3389 netmask 255.255.255.255                       .

static (inside,outside) tcp 1.2.3.34 3390 192.168.1.102 3389 netmask 255.255.255.255                                 

static (inside,outside) tcp 1.2.3.35 3390 192.168.1.103 3389 netmask 255.255.255.255

This should do it.

Thanks

Ajay                          

View solution in original post

3 Replies 3

ajay chauhan
Level 7
Level 7

static (inside,outside) tcp 1.2.3.33 3390 192.168.1.101 3389 netmask 255.255.255.255                       .

static (inside,outside) tcp 1.2.3.34 3390 192.168.1.102 3389 netmask 255.255.255.255                                 

static (inside,outside) tcp 1.2.3.35 3390 192.168.1.103 3389 netmask 255.255.255.255

This should do it.

Thanks

Ajay                          

Thanks Ajay,

I had to remove the origonal static NAT's and add in what we needed for specific port redirections, but it worked.

Now that I've thought about it longer, it's starting to make sense!

Thanks for the help!

Todd

Good to hear that

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: