cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


92
Views
0
Helpful
1
Replies
Beginner

Port forwording ASA 5520

Never done port forwarding before , not really sure how to do it. I have a cisco ASA 5520 running version 8.2 , I Do most of my set up with the ASDM.

 
 
I need to set up a port forwarding on the outside interface 70.xx.xx.66
 
so traffic bound for 70.xx.xx.66 ( main internet ip) hits ports 21012 ,21010, 21011 
 
then the traffic would be forwarded to  inside addy 10.x.x.x port 8887 ,80,  443 .
 
 
 
any help would rock
Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

I can tell you the CLi script

I can tell you the CLi script of the same.

you will need 2x things for each port-forwarding (one ACL entry and one STATIC NAT entry)

static (inside,outside) tcp 70.x.x.x 21012 10.x.x.x 8887 netmask 255.255.255.255 0 0
static (inside,outside) tcp 70.x.x.x 21010 10.x.x.x 80 netmask 255.255.255.255 0 0
static (inside,outside) tcp 70.x.x.x 21011 10.x.x.x 443 netmask 255.255.255.255 0 0


access-group OUTSIDE_IN in interface outside

access-list OUTSIDE_IN ext permit tcp any 70.x.x.x eq 21012
access-list OUTSIDE_IN ext permit tcp any 70.x.x.x eq 21010
access-list OUTSIDE_IN ext permit tcp any 70.x.x.x eq 21011

Let me know if any issues.

 

Please mark answer as correct if it works.

1 REPLY 1
Beginner

I can tell you the CLi script

I can tell you the CLi script of the same.

you will need 2x things for each port-forwarding (one ACL entry and one STATIC NAT entry)

static (inside,outside) tcp 70.x.x.x 21012 10.x.x.x 8887 netmask 255.255.255.255 0 0
static (inside,outside) tcp 70.x.x.x 21010 10.x.x.x 80 netmask 255.255.255.255 0 0
static (inside,outside) tcp 70.x.x.x 21011 10.x.x.x 443 netmask 255.255.255.255 0 0


access-group OUTSIDE_IN in interface outside

access-list OUTSIDE_IN ext permit tcp any 70.x.x.x eq 21012
access-list OUTSIDE_IN ext permit tcp any 70.x.x.x eq 21010
access-list OUTSIDE_IN ext permit tcp any 70.x.x.x eq 21011

Let me know if any issues.

 

Please mark answer as correct if it works.