ASA Port Forward

Dustin Flint · ‎03-20-2015

I have an ASA with 9.2.3. I need to forward from the outside interface to a client on the inside. I have a list of about 40 ports that need forward. I would really just like to forward anything tom outside address to inside client. And filter traffic using acl. I am having issues getting this correct.

Should I jsut do a standard static NAT?

Outside Inside

172.16.23.x ----> 10.0.0.2

Inside Outside

10.0.0.2 --------> 172.16.23.x

Jon Marshall · ‎03-20-2015

Is it the outside interface IP address or a spare IP address ?

Jon

Dustin Flint · ‎03-20-2015

Outside. So, I need all traffic hitting the outside interface address forwarded to a host on inside.

Jon Marshall · ‎03-20-2015

Do you really want to do that ie any port is sent to a single host ?

I'm not sure how this would work with any outbound access you may have at the moment.

Jon

Dustin Flint · ‎03-20-2015

Jon,

Yes, as far as I know this is for 1 machine that needs a real world IP address, but to be behind a firewall. So basically is ASA5505 with one machine behind it. It is not on our normal network

So essentially we are just provided 1 machine a real world IP, but putting it behind a FW so you can ACL just certain ports

Jon Marshall · ‎03-20-2015

Okay then but obviously no guarantees -

object network <NAME>
host 10.0.0.2
nat (inside,outside) static 172.16.23.x

Jon