ASA5505 Configuration Question

Lucas Kane
Level 1

I have a block of 5 IPs from my ISP. I have given one to the outside interface of my firewall and need to forward ports from the other IPs through the firewall to internal IPs.

I have created ACL and NAT rules for this but am unable to get it to work correctly.

Strange thing is, I currently have 3 separate physical networks with Cisco 800 routers, each with a connection to the internet on the same ISP subnet (the ASA will eventually be used to replace this setup). I am able to access the servers on the ports I forward through the firewall from each of these other networks, but not from anywhere else on the internet.

I must be missing something here.

Here are the relevant pieces of my config:

interface Vlan1
 nameif inside
 security-level 100
 ip address 10.86.20.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.85 255.255.255.0
!
access-list outside_access extended permit tcp any host x.x.x.83 eq 15000
access-list outside_access extended permit tcp any host x.x.x.83 eq 15001
access-list outside_access extended permit tcp any host x.x.x.83 eq 10000
access-list outside_access extended permit tcp any host x.x.x.83 eq https
access-list outside_access extended permit tcp any host x.x.x.83 eq www
access-list outside_access extended permit tcp any host x.x.x.83 eq ssh
access-list outside_access extended permit tcp any host x.x.x.83 eq ftp
!
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp x.x.x.83 10000 10.86.20.20 10000 netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 ssh 10.86.20.20 ssh netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 https 10.86.20.20 https netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 www 10.86.20.20 www netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 ftp 10.86.20.50 ftp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 15001 10.86.20.50 15001 netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 15000 10.86.20.50 15000 netmask 255.255.255.255
access-group outside_access in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.1 1
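An added example, not part of the original post: a small offline audit that cross-checks the posted `static` port-forward lines against the `access-list` bound to the same interface, reporting forwards with no permit and permits with no forward. It assumes the pre-8.3 syntax shown in the post, where the outside ACL names the mapped (public) address; the `audit` function and its report keys are names chosen for this example.

```python
import re

# Constructed sample: the ACL, static PAT and access-group lines from the post,
# with x.x.x.83 kept as the masked public address.
CONFIG = """\
access-list outside_access extended permit tcp any host x.x.x.83 eq 15000
access-list outside_access extended permit tcp any host x.x.x.83 eq 15001
access-list outside_access extended permit tcp any host x.x.x.83 eq 10000
access-list outside_access extended permit tcp any host x.x.x.83 eq https
access-list outside_access extended permit tcp any host x.x.x.83 eq www
access-list outside_access extended permit tcp any host x.x.x.83 eq ssh
access-list outside_access extended permit tcp any host x.x.x.83 eq ftp
static (inside,outside) tcp x.x.x.83 10000 10.86.20.20 10000 netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 ssh 10.86.20.20 ssh netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 https 10.86.20.20 https netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 www 10.86.20.20 www netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 ftp 10.86.20.50 ftp netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 15001 10.86.20.50 15001 netmask 255.255.255.255
static (inside,outside) tcp x.x.x.83 15000 10.86.20.50 15000 netmask 255.255.255.255
access-group outside_access in interface outside
"""

# Assumption: ports are compared as literal tokens, so "www" and "80" would not match.
ACL_RE = re.compile(r"^access-list (\S+) extended permit (tcp|udp) any host (\S+) eq (\S+)$")
PAT_RE = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask \S+$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")

def audit(config):
    """Match each static PAT entry to an inbound permit on its mapped interface."""
    permits, pats, bound = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            acl, proto, host, port = m.groups()
            permits.setdefault(acl, set()).add((proto, host, port))
        elif m := PAT_RE.match(line):
            _, mapped_if, proto, mapped_ip, mapped_port, real_ip, real_port = m.groups()
            pats[(mapped_if, proto, mapped_ip, mapped_port)] = (real_ip, real_port)
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)
    # Only ACLs actually applied with access-group count as permits.
    allowed = {(i, *p) for i, acl in bound.items() for p in permits.get(acl, ())}
    return {
        "forwarded": {k: v for k, v in pats.items() if k in allowed},
        "pat_without_permit": sorted(k for k in pats if k not in allowed),
        "permit_without_pat": sorted(allowed - set(pats)),
    }

if __name__ == "__main__":
    for key, value in audit(CONFIG).items():
        print(key, value)
```

On the posted lines every forward has a matching permit and no permit is left without a forward, so the ACL and the static entries agree with each other.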

1 Reply 1

jurodri3
Level 1