Allowing Ports to a host in cisco asa

pinoybot
Level 1

Newbie question, please help.

access-list OUTSIDE extended permit tcp any host 10.1.1.5 eq www

This command will allow an outside host to access the internal host with the corresponding IP using port 80, is that correct?

Thanks in advance.

Francesco Molino
VIP Alumni
Hi

Yes, if 10.1.1.5 is sitting in your inside zone. You also need a NAT to allow users coming from the public network to reach a public IP, which will forward the traffic to your internal host.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thank you Francesco!

By the way can you give me a simple example of a NAT of the following. TY in advance!

Here are 2 examples.

Let's say you want to NAT your server with IP 192.168.0.1 to IP 1.1.1.1 without port restriction (full NAT):

object network server
 host 192.168.0.1
 nat (Inside,Outside) static 1.1.1.1

Let's say you want to NAT your server with IP 192.168.0.1 to IP 1.1.1.1 only for HTTPS:

object network server
 host 192.168.0.1
 nat (Inside,Outside) static 1.1.1.1 service tcp https https


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
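
Added example, not part of the original posts: the ACL from the question and the HTTPS-only static NAT from the reply above, combined into one configuration for ASA 8.3 and later. The addresses, the ACL name OUTSIDE and the interface names come from the thread; the access-group binding and the packet-tracer source 203.0.113.10 with port 40000 are assumptions made for illustration.

```cisco
! Added example (not from the thread). Object-NAT syntax, ASA 8.3 and later.
!
! 1. Publish only TCP/443 of the real server 192.168.0.1 as 1.1.1.1.
!    With the "full NAT" form (no "service ..."), every port of the server
!    is translated and the ACL below is the only thing limiting exposure.
object network server
 host 192.168.0.1
 nat (Inside,Outside) static 1.1.1.1 service tcp https https
!
! 2. Permit the traffic. From 8.3 on, the interface ACL is checked against
!    the un-translated destination, so it names the REAL address
!    (192.168.0.1), not the mapped address 1.1.1.1.
access-list OUTSIDE extended permit tcp any host 192.168.0.1 eq https
!
! 3. An ACL has no effect until it is bound to an interface and direction
!    (assumed binding: inbound on the Outside interface).
access-group OUTSIDE in interface Outside
!
! 4. Verify without sending real traffic. The simulated packet is addressed
!    to the MAPPED address, as it would arrive on the wire. Source address
!    and source port are constructed test values.
packet-tracer input Outside tcp 203.0.113.10 40000 1.1.1.1 443
!
! 5. Confirm the translation exists and the ACL entry is taking hits.
show nat detail
show access-list OUTSIDE
```

In the packet-tracer output, look for an UN-NAT phase that rewrites 1.1.1.1 to 192.168.0.1 and an ACCESS-LIST phase that matches the permit line; a drop in either phase shows which of the two pieces is missing.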

Is this similar to the one below?

object network server
 host 192.168.0.1
 nat (Inside,Outside) static 1.1.1.1

Let's say 192.168.0.1 is an outside server
static (outside,inside) 1.1.1.1 192.168.0.1 netmask 255.255.255.255

Not the same.
Take a look here which is well explained:
https://supportforums.cisco.com/t5/wan-routing-and-switching/confused-with-nat-inside-outside-outside-inside-keywords/td-p/1365312

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Great, thanks! I thought I was close to understanding it. Yikes!

Cool. If you have any questions, let me know.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

svujicic93
Level 1

@Francesco Molino I have a similar situation but I went wrong somewhere.
I have two separate local networks (old and new) and I put a Cisco ASA between them.
I called the "New" network inside and the "Old" network outside, and I allowed access for all subnets from new to old.

Now, I want to allow access from one host in the outside network to one host in the inside network.

I added an access list (below) on the Cisco ASA but it doesn't work.

access-list outsidehost_to_insidehost extended permit tcp host 192.168.1.30 172.16.10.200 eq https

 

Thanks in advance
