
ASA 5510 and Port Forwarding?

lee.towndrow
Level 1

Hi all,

This is my first post and I really could do with your help.

I have a Cisco ASA 5510 appliance running ASDM 6.3

We have a number of public IP addresses associated with our company.

In order to utilise the IP addresses effectively I want to use one public IP address for two servers running on different ports.

e.g.

Public IP address 78.109.174.100

for both

Server 1 HTTPS and HTTP

Server 2 FTP

Both Servers live in the same subnet (DMZ)

I believe this may be port forwarding but could be completely wrong.

I've tried creating a NAT rule that goes from Server 2 Network object to Server 1 external but this didn't work.

Please can you help?

I'm a novice with ASDM and any help in layman's terms would be appreciated.

2 Replies

cadet alain
VIP Alumni

Hi,

take a look at this:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/nat_overview.html#wp1107574

Regards.

Alain

Don't forget to rate helpful posts.


Jouni Forss
VIP Alumni

Hi,

Without looking at your configuration (CLI format, I don't use ASDM to configure ASA) I can't say if you could have any NAT rules that might cause problems for what you are trying to achieve.

The very basic configuration you could use would be

For ASA running 8.3 and above software

- IPs and interface, ACL names made up

object network SERVER1-HTTP

host 10.10.10.10

nat (dmz,outside) static 78.109.174.100 service tcp 80 80

object network SERVER1-HTTPS

host 10.10.10.10

nat (dmz,outside) static 78.109.174.100 service tcp 443 443

object network SERVER2-FTP

host 10.10.10.20

nat (dmz,outside) static 78.109.174.100 service tcp 21 21

access-list OUTSIDE-IN permit tcp any object SERVER1-HTTP eq 80

access-list OUTSIDE-IN permit tcp any object SERVER1-HTTPS eq 443

access-list OUTSIDE-IN permit tcp any object SERVER2-FTP eq ftp

I can't say if the FTP would work. I guess it also depends on the mode of the FTP used. With the above NAT it would form the control connection just fine but the data connection would probably be visible with a different public IP address.

- Jouni
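
An added example, not part of the original replies: a small offline check in Python for a configuration in the 8.3+ object-NAT form shown in the reply above. It confirms that no two objects map the same public IP and port, and that every forward has a permit on the real port. The SERVER2-WEB object and the function names `audit` and `port` are constructed for illustration.

```python
import re

# Constructed sample in the ASA 8.3+ object-NAT syntax from the reply above.
# SERVER2-WEB is a deliberate mistake added for this demonstration.
SAMPLE = """\
object network SERVER1-HTTP
 host 10.10.10.10
 nat (dmz,outside) static 78.109.174.100 service tcp 80 80
object network SERVER1-HTTPS
 host 10.10.10.10
 nat (dmz,outside) static 78.109.174.100 service tcp 443 443
object network SERVER2-FTP
 host 10.10.10.20
 nat (dmz,outside) static 78.109.174.100 service tcp 21 21
object network SERVER2-WEB
 host 10.10.10.20
 nat (dmz,outside) static 78.109.174.100 service tcp 8080 80
access-list OUTSIDE-IN permit tcp any object SERVER1-HTTP eq 80
access-list OUTSIDE-IN permit tcp any object SERVER1-HTTPS eq 443
access-list OUTSIDE-IN permit tcp any object SERVER2-FTP eq ftp
"""
NAT_RE = re.compile(r"nat \(\w+,\w+\) static (\S+) service (tcp|udp) (\S+) (\S+)")
ACL_RE = re.compile(r"access-list \S+ permit (tcp|udp) any object (\S+) eq (\S+)")
PORT_NAMES = {"ftp": 21, "www": 80, "https": 443}  # subset of ASA port keywords

def port(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)

def audit(config):
    """Return findings for port-forward collisions and forwards without a permit."""
    nats, permits, current = {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("object network "):
            current = line.split()[2]
        elif (m := NAT_RE.match(line)) and current:
            # ASA order: service <proto> <real_port> <mapped_port>
            nats[current] = (m[1], m[2], port(m[3]), port(m[4]))
        elif m := ACL_RE.match(line):
            permits.add((m[2], m[1], port(m[3])))  # 8.3+ ACLs match the real host/port
    findings, claimed = [], {}
    for name, (ip, proto, real_port, mapped_port) in nats.items():
        owner = claimed.setdefault((ip, proto, mapped_port), name)
        if owner != name:
            findings.append(f"collision: {name} and {owner} both map {ip} {proto}/{mapped_port}")
        if (name, proto, real_port) not in permits:
            findings.append(f"no-permit: {name} has no ACL entry for {proto}/{real_port}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```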
