How do I forward a port to an inside ip address?

djh0000011
Level 1

A phone vendor wants to be able to remotely access our phone and voice mail controller by forwarding TCP Port 35300 and TCP Port 10000 to 2 specific addresses. How do I do this in a Cisco ASA 5506X Firewall?

2 Replies

David Castro F.
Spotlight

Hello,

In this case you will need to configure port redirection (NAT port forwarding), so the remote users will go to the 2 specific IPs on the two ports, and the traffic will be untranslated to the real Voice Mail controller and to the phone:

For example:

Real IPs:

- Voice Mail: 10.10.10.2

- Phone: 10.10.10.3

2 Specific addresses:

- 200.200.200.2

- 200.200.200.3

1. You will need to create objects for the real IPs:

object network Voice_Mail

    host 10.10.10.2

object network Phone

    host 10.10.10.3

2. Make sure you know which TCP or UDP ports are used for the port redirection, then define the NAT; the ports are defined within the NAT statement:

object network Voice_Mail
nat (inside,outside) static 200.200.200.2 service tcp 35300 35300
-----------------------------------------------------------------------------------
object network Phone
nat (inside,outside) static 200.200.200.3 service tcp 10000 10000

So, this is the user scenario: when the outside user tries to access the server 200.200.200.2 at port 35300, this traffic is redirected to the internal Voice Mail server, 10.10.10.2 at port 35300. The same applies to the other IP and TCP port 10000.

Keep me posted. Please proceed to rate and mark as correct the helpful post!

David Castro,

Hello,

Also, don't forget to allow the traffic in the ACL applied inbound on the outside interface. On the 9.X versions you have to specify the real IP address and not the mapped IP address, for example:

access-list Outside-inbound-acl permit tcp XXXXXX XXXXXX host 10.10.10.2 eq 35300

access-list Outside-inbound-acl permit tcp XXXXXX XXXXXX host 10.10.10.3 eq 10000

XXXXXX XXXXXX are the source IPs coming from the outside or whatever direction.

Please proceed to rate and mark as correct the helpful post!

David Castro,
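As an added example (not part of the original replies and not Cisco tooling), this Python sketch audits a pasted ASA config for the two points made in this thread: each static port forward needs a permit entry that names the real IP and port, and an entry that names the mapped IP is the pre-9.X style. Flagging `any` as the source is an extra check assumed here, the vendor address 203.0.113.10 and the three ACL lines are constructed, and the regexes only cover the rule shapes shown above.

```python
import re

# Constructed sample config: the thread's objects and NAT rules, plus three
# ACL lines written for this example (203.0.113.10 is a made-up vendor IP).
SAMPLE = """\
object network Voice_Mail
 host 10.10.10.2
 nat (inside,outside) static 200.200.200.2 service tcp 35300 35300
object network Phone
 host 10.10.10.3
 nat (inside,outside) static 200.200.200.3 service tcp 10000 10000
access-list Outside-inbound-acl extended permit tcp host 203.0.113.10 host 10.10.10.2 eq 35300
access-list Outside-inbound-acl extended permit tcp any host 10.10.10.3 eq 10000
access-list Outside-inbound-acl extended permit tcp host 203.0.113.10 host 200.200.200.3 eq 10000
"""

# Object NAT syntax: static <mapped_ip> service <proto> <real_port> <mapped_port>
NAT = re.compile(r"nat \(\S+\) static (\S+) service (tcp|udp) (\d+) (\d+)")
ACL = re.compile(r"access-list (\S+) (?:extended )?permit (tcp|udp) "
                 r"(any4?|host \S+|\d\S+ \d\S+) host (\S+) eq (\d+)")

def parse_forwards(cfg):
    """Return [(object, real_ip, mapped_ip, proto, real_port, mapped_port)]."""
    forwards, hosts, obj = [], {}, None
    for line in cfg.splitlines():
        s = line.strip()
        if s.startswith("object network "):
            obj = s.split()[2]
        elif s.startswith("host ") and obj:
            hosts[obj] = s.split()[1]
        elif obj and (m := NAT.match(s)):
            forwards.append((obj, hosts.get(obj), m[1], m[2], m[3], m[4]))
    return forwards

def audit(cfg):
    """Check each port forward against the permit entries in the config."""
    # Each entry: (acl_name, proto, source, dest_ip, dest_port)
    acl = [m.groups() for m in map(ACL.match, cfg.splitlines()) if m]
    findings = []
    for obj, real, mapped, proto, rport, mport in parse_forwards(cfg):
        real_hits = [a for a in acl if a[1:2] + a[3:] == (proto, real, rport)]
        if not real_hits:
            findings.append((obj, "no permit for real IP/port"))
        if any(a[2].startswith("any") for a in real_hits):
            findings.append((obj, "source is any"))
        if any(a[1:2] + a[3:] == (proto, mapped, mport) for a in acl):
            findings.append((obj, "ACL names mapped IP"))
    return findings

if __name__ == "__main__":
    print(*(f"{o}: {i}" for o, i in audit(SAMPLE)), sep="\n")
```
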
