cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5052
Views
0
Helpful
1
Replies

Configure Port Forwarding to Multiple Internal IP Addresses

jschowalter
Level 1
Level 1

ASA 5505 Firmware 8.3(4), ADSM 6.4(2)

Here is what I am trying to do...

I have a public IP address of 168.87.3.4

I need to forward ports (5060, 5080, etc.) to one internal address. (192168.1.1)

I need to foward different ports (10020-10080) to a different internal address (192.168.1.2)

Everything I read tells me how to do this in a 1 to 1 static NAT, but I cannot find any information on how to the above.

1 Reply 1

Jose Pena
Level 1
Level 1

Justin, this sample is for ASA 8.4(3)

Single port from Internet to single LAN IP

object network LAN-PC1

host 10.10.100.50

object-group service LAN-PC1-8000 tcp

object-port eq 8000

access-list incoming extended permite tcp any object LAN-PC1 object-group LAN-PC1-8000 tcp

object network LAN-PC1

nat (any,outside) static interface service tcp 8000 8000

In the single port forwarding if you want to forward different ports from the Internface outside IP, you have to create a single object group per port.

This sample is more that one port to a single internal IP

object network LAN-SERVER01

host 10.10.100.10

object network WAN-SERVER01

host 8.8.8.8

object-group service LAN-SERVER-01-PORTS tcp

object-port eq 25

object-port eq 80

object-port eq 443

access-list incoming extended permite tcp any object LAN-SERVER01 object-group LAN-SERVER-01-PORTS tcp

object network LAN-SERVER01

nat (any,outside) static WAN-SERVER01

In multiports to a single LAN IP, you have to set all ports in group for a single LAN IP.

I hope this help enough.

Regards.

Jos.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: