Configure Port Forwarding to Multiple Internal IP Addresses

jschowalter · ‎06-22-2012

ASA 5505 Firmware 8.3(4), ADSM 6.4(2)

Here is what I am trying to do...

I have a public IP address of 168.87.3.4

I need to forward ports (5060, 5080, etc.) to one internal address. (192168.1.1)

I need to foward different ports (10020-10080) to a different internal address (192.168.1.2)

Everything I read tells me how to do this in a 1 to 1 static NAT, but I cannot find any information on how to the above.

Jose Pena · ‎06-22-2012

Justin, this sample is for ASA 8.4(3)

Single port from Internet to single LAN IP

object network LAN-PC1

host 10.10.100.50

object-group service LAN-PC1-8000 tcp

object-port eq 8000

access-list incoming extended permite tcp any object LAN-PC1 object-group LAN-PC1-8000 tcp

object network LAN-PC1

nat (any,outside) static interface service tcp 8000 8000

In the single port forwarding if you want to forward different ports from the Internface outside IP, you have to create a single object group per port.

This sample is more that one port to a single internal IP

object network LAN-SERVER01

host 10.10.100.10

object network WAN-SERVER01

host 8.8.8.8

object-group service LAN-SERVER-01-PORTS tcp

object-port eq 25

object-port eq 80

object-port eq 443

access-list incoming extended permite tcp any object LAN-SERVER01 object-group LAN-SERVER-01-PORTS tcp

object network LAN-SERVER01

nat (any,outside) static WAN-SERVER01

In multiports to a single LAN IP, you have to set all ports in group for a single LAN IP.

I hope this help enough.

Regards.

Jos.