ASA 5510 - how to limit port forwarding to specific public subnet

chris-dickens
Level 1

I'd like to limit port forwarding to an inside IP so that only one specific /24 from outside can use that port.

Right now any outside (public) IP can use the port.

IPs are for example only:

limit outside public IPs to 192.168.2.0/24 instead of any

port 44440 forwarded to inside 172.16.0.2/32

172.16.0.2 has a public IP statically NATed to it

Here's what I've got in the config for this:

name 10.1.10.4 Linuxpublic
name 172.16.0.2 Linux
name 192.168.2.0 Stockphone_outside
object-group service Stock_phone tcp-udp
port-object eq 44440
static (InsideLocal,KT-1) linuxpublic Linux netmask 255.255.255.255 dns

This line didn't work; connection attempts time out:

access-list KT-1_access_in extended permit tcp Stockphone_outside 255.255.255.0 object-group Stock_phone host Linux object-group Stock_phone

This line allowed traffic but doesn't limit it to the desired outside subnet:

access-list KT-1_access_in extended permit tcp any host Linuxpublic object-group Stock_phone

1 Reply

Julio Carvajal
VIP Alumni

Hello Chris,

The ACL should be:

access-list KT-1_access_in permit tcp Stockphone_outside 255.255.255.0 host 10.1.10.4 eq 44440

access-list KT-1_access_in permit udp Stockphone_outside 255.255.255.0 host 10.1.10.4 eq 44440

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
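To see why the original ACL never matched and the suggested one restricts the source, here is a small ACL evaluator written for this thread (it is not code from the thread or from Cisco). It models the pre-8.3 behaviour implied by the poster's `static (InsideLocal,KT-1)` command, where the outside-interface ACL is matched against the mapped (public) address, not the real inside address; the phone and stranger source IPs and the source port are constructed test values.

```python
import ipaddress

# Names and ports from the thread (the addresses are the poster's examples).
NAMES = {"Linuxpublic": "10.1.10.4",        # mapped (public) address
         "Linux": "172.16.0.2",             # real inside address
         "Stockphone_outside": "192.168.2.0"}
PORT_GROUPS = {"Stock_phone": {44440}}      # object-group service Stock_phone tcp-udp

def _endpoint(tok, i):
    """Parse one 'any' | 'host X' | 'NET MASK' spec plus an optional port spec."""
    if tok[i] == "any":
        net, i = ipaddress.ip_network("0.0.0.0/0"), i + 1
    elif tok[i] == "host":
        net, i = ipaddress.ip_network(NAMES.get(tok[i + 1], tok[i + 1])), i + 2
    else:  # network name/address followed by a dotted netmask
        net = ipaddress.ip_network(f"{NAMES.get(tok[i], tok[i])}/{tok[i + 1]}", strict=False)
        i += 2
    ports = None                            # None means any port
    if i < len(tok) and tok[i] == "eq":
        ports, i = {int(tok[i + 1])}, i + 2
    elif i < len(tok) and tok[i] == "object-group":
        ports, i = PORT_GROUPS[tok[i + 1]], i + 2
    return (net, ports), i

def parse_ace(line):
    """Parse 'access-list NAME [extended] permit|deny PROTO SRC [ports] DST [ports]'."""
    tok = line.split()
    i = 3 if tok[2] == "extended" else 2
    action, proto = tok[i], tok[i + 1]
    src, i = _endpoint(tok, i + 2)
    dst, _ = _endpoint(tok, i)
    return action, proto, src, dst

def permitted(acl, proto, src_ip, src_port, dst_ip, dst_port):
    """First-match evaluation with the ASA's implicit deny at the end of the list."""
    for line in acl:
        action, p, (snet, sports), (dnet, dports) = parse_ace(line)
        if (p == proto
                and ipaddress.ip_address(src_ip) in snet and (sports is None or src_port in sports)
                and ipaddress.ip_address(dst_ip) in dnet and (dports is None or dst_port in dports)):
            return action == "permit"
    return False

# The three ACEs discussed in the thread, verbatim.
BROKEN = ["access-list KT-1_access_in extended permit tcp Stockphone_outside 255.255.255.0 object-group Stock_phone host Linux object-group Stock_phone"]
TOO_OPEN = ["access-list KT-1_access_in extended permit tcp any host Linuxpublic object-group Stock_phone"]
FIXED = ["access-list KT-1_access_in permit tcp Stockphone_outside 255.255.255.0 host 10.1.10.4 eq 44440"]
```

Evaluating `permitted(BROKEN, "tcp", "192.168.2.50", 51000, "10.1.10.4", 44440)` returns False for two reasons: the destination is the real address `Linux` rather than the mapped `10.1.10.4`, and the first `object-group Stock_phone` constrains the phone's ephemeral source port to 44440. With `FIXED`, the same phone is permitted and a source outside 192.168.2.0/24 is denied.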