Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
3
Replies

ASA 5505 9.2(1) Port Forward issue

Rob Royse
Level 1
Level 1

‎06-21-2014 02:16 PM - edited ‎03-11-2019 09:21 PM

Hello,

I could really use some help in setting up a port forward rule on my ASA. I have a host on the LAN (192.168.1.24) I need to expose ports 8082 and 8083 (both tcp and udp) to the Internet. I have an existing rule set up for another host on the LAN on another port and it seems to be working fine, but I can't seem to get this range set up for this new device. I tried adding the commands and I can sometimes get either 8082 or 8083 to work correctly, but never both simultaneously. I have a single, dynamic IP address from my ISP.

I must be doing something wrong, and I would really appreciate it if someone could give me the explicit changes to make. I have a feeling it is because I need 2 ports open for the same internal IP, but I am not sure.

Could someone please give me the commands to issue. The commands I used previously for a single port are not working.

Thanks, please advise.

-Rob

 

Labels:
0 Helpful
3 Replies 3

nkarthikeyan
Level 7
Level 7

‎06-21-2014 11:50 PM

Hi Rob,

 

Could you please try like the below?. I hope this should work for you, but am not pretty sure on this.

object network obj-192.168.1.24-tcp-8082
 host 192.168.1.24
!
object network obj-192.168.1.24-tcp-8083
 host 192.168.1.24
!
object network obj-192.168.1.24-udp-8082
 host 192.168.1.24
!
object network obj-192.168.1.24-udp-8083
 host 192.168.1.24
!
object network obj-192.168.1.24-tcp-8082
nat (inside,outside) static interface service tcp 8082 8082
!
object network obj-192.168.1.24-tcp-8083
 nat (inside,outside) static interface service tcp 8083 8083
!
object network obj-192.168.1.24-udp-8082
 nat (inside,outside) static interface service udp 8082 8082
!
object network obj-192.168.1.24-udp-8083
nat (inside,outside) static interface service tcp 8083 8083
!

 

Please do rate for the helpful posts and do remember to select the correct answer

 

Regards

Karthik

0 Helpful

Rob Royse
Level 1
Level 1
In response to nkarthikeyan

‎06-24-2014 03:28 PM

Thank you, I think I figured it out, but I am not sure I understand the difference in the commands I used. I think it has to do with the inherent differences between the types of commands used in PAT.

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to Rob Royse

‎06-24-2014 07:34 PM

Hi Roy,

 

Yeah. You can try this out and let me know if that solves your problem.

 

Please do rate the helpful posts and remember to mark the correct answers.

 

Regards

Karthik

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card