Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
860
Views
5
Helpful
7
Replies

Cisco ASA 5520 PAT Rule Not Working

Go to solution
Redrobin
Level 1
Level 1

‎06-14-2018 03:06 AM - edited ‎02-21-2020 07:52 AM

Hi Support,

 

I am having problems applying a PAT rule on a ASA 5520 8.2 ASDM 6.1 ( I am aware it needs upgrading).

 

I am basically trying to translate outside connections into a web server using 4443 to redirect to 443  to server 192.168.1.1 (Staff-Argon).

 

Below is what I have setup;

 

static (3-Staff,0-outside) tcp interface 4443 Staff-Argon https netmask 255.255.255.255

access-list 0-outside_access_in extended permit tcp any host Staff-Argon eq https

 

On a packet trace it failed at NAT and telnet test faills to the external facing IP address on port 4443.

 

Got a bit stuck now and I am going in circles so any assistance is greatly appreciated.

 

Many thanks,

 

David

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Florin Barhala
Level 6
Level 6

‎06-14-2018 12:40 PM

Hi David,

Your original config is correct but the ACL: prior to 8.3 on the outside (in direction ACL) you need to allow access on 4443 on the public IP of the outside interface rather than the private IP:443.

View solution in original post

7 Replies 7

Go to solution
Daniele Giordano
Level 8
Level 8

‎06-14-2018 03:15 AM

Try this:

 conf t

 object network Staff-Argon

  host 192.168.1.1   (must be the private ip of your server)

  nat (3-Staff,0-outside) static interface service tcp 443 4443

 

access-list 0-outside_access_in extended permit tcp any host 192.168.1.1 eq https

 

 

Shoud work.

Regards.

 

0 Helpful

Go to solution
Redrobin
Level 1
Level 1
In response to Daniele Giordano

‎06-14-2018 09:51 AM - edited ‎06-14-2018 09:52 AM

Hi Daniele,

 

Most of these commands are not support on the asa version I am running unfortunately.

0 Helpful

Go to solution
Daniele Giordano
Level 8
Level 8
In response to Redrobin

‎06-14-2018 10:21 AM

add show version please

0 Helpful

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎06-14-2018 07:08 AM

open the outside if. up for 4443 instead of 443

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Go to solution
Redrobin
Level 1
Level 1
In response to Dennis Mink

‎06-14-2018 09:55 AM

Hi Dennis,

 

Did you mean in the PAT rule or the ACL?

 

Thanks,

 

David

0 Helpful

Go to solution
Florin Barhala
Level 6
Level 6

‎06-14-2018 12:40 PM

Hi David,

Your original config is correct but the ACL: prior to 8.3 on the outside (in direction ACL) you need to allow access on 4443 on the public IP of the outside interface rather than the private IP:443.

Go to solution
Redrobin
Level 1
Level 1
In response to Florin Barhala

‎06-18-2018 04:08 AM

Thanks Florin, this worked perfectly your a life saver.

 

Thanks to everyone else also for your comments.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card