Cisco ASA: Opening Port 80, 443 but limit it to specific Public IPs

Hello Experts @balaji.bandi  @Rob Ingram  @Marvin Rhoads 

 

private IP: 10.10.10.10

Public IP: 234.56.78.x

 

I want to map Private IP to Public IP for Port 80 and 443 but need to limit it to specific Public IPs. Please help me accomplish that.

 

Thanks,

VIP Mentor

You need ACL and NAT here - since we do not know your existing config

the high-level config here is -

 

 

NAT

object network HTTP_IN
 host 10.10.10.10
 nat (inside,outside) static 234.56.78.x service tcp 80 80
!
object network HTTPS_IN
 host 10.10.10.10
 nat (inside,outside) static 234.56.78.x service tcp 443 443
!

 

ACL to Permit

access-list Out2In permit tcp any host 10.10.10.10 eq 80
access-list Out2In permit tcp any host 10.10.10.10 eq 443
!
access-group Out2In in interface outside

 

Test and advise

BB
*** Rate All Helpful Responses ***

Hello @balaji.bandi  @Rob Ingram 

 

It's running on version 8.2 and I think this OS needs slightly different commands. Any help will be appreciated.

 

Thanks,

 

 

VIP Mentor (Accepted Solution)

You can try the below syntax (8.2 is too old, used maybe 8+ years back).

 

static (inside,outside) tcp 234.56.78.x www 10.10.10.10 www netmask 255.255.255.255
static (inside,outside) tcp 234.56.78.x https 10.10.10.10 https netmask 255.255.255.255

or

static (inside,outside) tcp 234.56.78.x 80 10.10.10.10 80
static (inside,outside) tcp 234.56.78.x 443 10.10.10.10 443


ACL

access-list Out_IN permit tcp any host 234.56.78.x eq 80
access-list Out_IN permit tcp any host 234.56.78.x eq 443

BB
*** Rate All Helpful Responses ***
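
Both ACLs posted in this thread use "any" as the source, so they publish ports 80 and 443 to every Internet host rather than to specific public IPs. The following is an added example, not part of the original posts, showing the 8.2-style ACL with the source restricted. The object-group name WEB_ALLOWED_SRC and the source addresses 198.51.100.10 and 203.0.113.0/24 are placeholders, and binding the ACL inbound on the outside interface is an assumption.

```cisco
! ASA 8.2 (pre-8.3) syntax. Added example; group name and source IPs are placeholders.
!
! Open form, as posted in the thread: any Internet source can reach the server.
!   access-list Out_IN permit tcp any host 234.56.78.x eq 80
!   access-list Out_IN permit tcp any host 234.56.78.x eq 443
!
! Restricted form: list the permitted public sources once in an object-group.
object-group network WEB_ALLOWED_SRC
 network-object host 198.51.100.10
 network-object 203.0.113.0 255.255.255.0
!
! Pre-8.3, the interface ACL is evaluated against the mapped (public) address,
! so the destination stays 234.56.78.x.
access-list Out_IN extended permit tcp object-group WEB_ALLOWED_SRC host 234.56.78.x eq 80
access-list Out_IN extended permit tcp object-group WEB_ALLOWED_SRC host 234.56.78.x eq 443
!
! All other sources fall through to the implicit deny at the end of the ACL.
access-group Out_IN in interface outside
!
! On 8.3 and later the ACL references the real (private) address instead:
!   access-list Out2In extended permit tcp object-group WEB_ALLOWED_SRC host 10.10.10.10 eq 80
!   access-list Out2In extended permit tcp object-group WEB_ALLOWED_SRC host 10.10.10.10 eq 443
```

Any earlier "permit tcp any" entries for these ports must be removed from the ACL, because they match first and keep the service open to all sources. The hit counters in "show access-list Out_IN" confirm which entries traffic is actually matching.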