Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
162
Views
0
Helpful
2
Replies
Highlighted
Lemon Lime
Lemon Lime Beginner
Beginner
‎02-27-2014 01:30 PM
‎02-27-2014 01:30 PM

Accessing inside service from outside via 5505

Hello,

I feel that this should be straight forward but I am having a lot of trouble getting this to work.

I am using v8.2 (security plus license) and have an ASA which does the standard allow internal access outside but I also have an additional network which is accessed with AnyConnect client.

I now have another requirement to place a web service so it is publically accessible.  I only have 1 available IP address which is the outside IP of my ASA (I cannot get anymore).  I though I could achieve this with port forwarding so if I chose to go to my IP with a :portnumber I could forward that traffic to my internal server.  Is this correct.

Example:

Outside World  ------------- Outside ASA / Inside ASA --------------------- Web Server

0.0.0.0                            1.1.1.1           192.168.1.1                       192.168.1.2

What I would like to do is enter the outside IP of my ASA into a browser with a random port and that redirects to my internal server (e.g. http://1.1.1.1:55000 redirects to https://192.168.1.2

Additional Criteria

1.  I must not affect current services including my VPN connections

2.  I may have additional web servers in future which will have to also use same outside IP address.

Can this be done and if so, how?

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Harvey Ortiz
Harvey Ortiz Beginner
Beginner
‎02-27-2014 07:07 PM
‎02-27-2014 07:07 PM

Accessing inside service from outside via 5505

Hi Simon,

If you need to setup port forwarding on ASA runnin 8.2, the configuration will look like this:

static (inside,outside) tcp interface 55000 192.168.1.2 443

So traffic coming from the Internet will reach the external IP 1.1.1.1:55000 and the ASA will send the traffic to internal web server on tcp port 443.

Also remember to add the access list:

access-list outside_access line 1 extended permit tcp any host 1.1.1.1 eq 55000

If you have another web server behind the inside you can the same public IP address but different random port:

static (inside,outside) tcp interface 56000 192.168.1.3 443

access-list outside_access line 1 extended permit tcp any host 1.1.1.1 eq 56000

Please rate and select a correct answer.

View solution in original post

0 Helpful
Reply
2 REPLIES 2
Highlighted
Harvey Ortiz
Harvey Ortiz Beginner
Beginner
‎02-27-2014 07:07 PM
‎02-27-2014 07:07 PM

Accessing inside service from outside via 5505

Hi Simon,

If you need to setup port forwarding on ASA runnin 8.2, the configuration will look like this:

static (inside,outside) tcp interface 55000 192.168.1.2 443

So traffic coming from the Internet will reach the external IP 1.1.1.1:55000 and the ASA will send the traffic to internal web server on tcp port 443.

Also remember to add the access list:

access-list outside_access line 1 extended permit tcp any host 1.1.1.1 eq 55000

If you have another web server behind the inside you can the same public IP address but different random port:

static (inside,outside) tcp interface 56000 192.168.1.3 443

access-list outside_access line 1 extended permit tcp any host 1.1.1.1 eq 56000

Please rate and select a correct answer.

View solution in original post

0 Helpful
Reply
Lemon Lime
Lemon Lime Beginner
Beginner
‎02-28-2014 07:25 PM
‎02-28-2014 07:25 PM

Accessing inside service from outside via 5505

Thank you for your response. I'm going to rate your answer as correct but there was a line you were missing that I believe was the initial problem all along.

What I had forgotten was to apply the access list to the outside interface:

access-group outside_access in interface outside

Once I did this it worked!!

PS:  Anyone in future looking at this - You will also need to ensure your http server enable is on a separate port using command

http server enable port-number

0 Helpful
Reply
Latest Contents
Recommended Software image for ASA 5585-X
Created by sindbandgi on 04-09-2020 12:10 AM
0
0
0
0
Hello All, We are using Cisco ASA 5585-X  for many years however we are facing a lot issues with a stable version of the software image presently we are using  Version 9.4(4)20 however present software have seemed to be a bug as m... view more
AnyConnect Syslog Configuration Example
Created by pcarco on 04-07-2020 10:54 AM
0
0
0
0
This article is intended to be a simple example of configuring AnyConnect relevant syslog messages to be sent from the ASA to a Syslog server.  The syslog server in this example is Spunk but almost any syslog server should be do the job.   The ... view more
NGFW Sprint 2020 Release is Here!
Created by suhegade on 04-07-2020 02:48 AM
0
0
0
0
NGFW Spring 2020 Releases   It’s official! FTD 6.6, ASA 9.14.1, and FXOS 2.8 have been released. We want to thank the hundreds of team members for the tens of thousands of man-hours dedicated to driving this critical release over the finish line. 120... view more
cisco duo integration anyconnect ssl vpn
Created by elite2010 on 04-05-2020 10:59 AM
1
0
1
0
Hi,I was trying to 2fa cisco duo , all the required settings done  as per below . The problem is duo cloud  does nti not getting any request from the asa . So I am not getting any code from the duo https://www.youtube.com/watch?v=6nEvmc8wji... view more
Community Ask Me Anything event- Configuration, Troubleshoot...
Created by ciscomoderator on 04-03-2020 05:38 PM
0
0
0
0
This event continues the conversation of our recent Community Ask Me Anything event "Secure Remote Workers". To   participate   in this event, please use the   button   to ask your questions Here’s your ch... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Spotlight Awards- February 2020

Follow our Social Media Channels