
ASA ASDM port forward to different internal port

mmzzaq
Level 1

I want to create a port forwarding rule on an ASA 5506 running ASDM 7.13. I have no problem making this work when the outside port is the same as the internal port. So let's say I need to allow IP 1.1.1.1 to connect to an FTP server running inside my network and behind the ASA. I normally create an ACL rule for port 21 and after that I create a NAT rule for port 21. Job done.

 

I now need to do the same for a web server, except the port inside my network is the regular port 80 but from the outside, I need remote computers to be able to connect to port 60080 and the ASA needs to map it to the web server on port 80.

remote computer -> WAN -> my ASA port 60080 -> my LAN -> web server port 80

 

I can't seem to make this happen on the ASA. Can anyone please help me do this through ASDM? I tried the Advanced tab of the webserver in its network object and set real port and mapped port, but the remote computer still couldn't connect. A quick Nmap scan returned a filtered port and there is no software firewall on the webserver, so the error must be a misconfiguration of the ASA.

Accepted Solutions

mmzzaq
Level 1
Nvm, I figured it out. My mistake was that I used port 60080 in the ACL rule, which should be 80 instead.
 
I also stopped using 'Add Automatic Address Translation Rules' on the network object and made a manual NAT rule in which you can set the outside port and the inside port. In the top Service section you need to enter the inside port (in this case 80) and in the middle/second Service section you need to enter the outside port (in this case 60080).
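
The ASDM steps described in the accepted solution, written out as the equivalent ASA CLI configuration. This is an added example, not part of the original post. It assumes ASA software 8.3 or later and interfaces named `inside` and `outside`; every address and every object or ACL name in it is constructed for illustration.

```cisco
! Constructed values: 192.168.1.10 (web server), 203.0.113.10 (allowed
! remote host), 198.51.100.1 (ASA outside IP), and all object/ACL names.
object network WEB-SERVER
 host 192.168.1.10
!
! Manual NAT translates the server as the "source" of the inside-to-outside
! direction, so both service objects are defined on the source port.
object service REAL-TCP-80
 service tcp source eq 80
object service MAPPED-TCP-60080
 service tcp source eq 60080
!
! Real (inside) port first, mapped (outside) port second: the same order
! as the two Service fields in the ASDM manual NAT rule.
nat (inside,outside) source static WEB-SERVER interface service REAL-TCP-80 MAPPED-TCP-60080
!
! The outside ACL is checked after the destination has been un-translated,
! so it names the real server and the real port 80, not 60080.
access-list outside_access_in extended permit tcp host 203.0.113.10 object WEB-SERVER eq 80
access-group outside_access_in in interface outside
!
! Verification from privileged EXEC (not a configuration line):
!   packet-tracer input outside tcp 203.0.113.10 12345 198.51.100.1 60080
! The trace should show an UN-NAT phase rewriting 60080 to 80 before the
! ACCESS-LIST phase; a drop in the ACL phase points at a rule written
! against the mapped port instead of the real one.
```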
