Cisco Asa : Opening Port 80,443 but limit it to specific Public IP's

Hello Experts @balaji.bandi @Rob Ingram @Marvin Rhoads

 

private IP: 10.10.10.10

Public IP: 234.56.78.x

 

I want to map the private IP to the public IP for ports 80 and 443 but need to limit it to specific public IPs. Please help me accomplish that.

 

Thanks,

Accepted Solution

balaji.bandi
Hall of Fame

You can try the syntax below (8.2 is too old; it was used maybe 8+ years back).

 

static (inside,outside) tcp 234.56.78.x www 10.10.10.10 www netmask 255.255.255.255
static (inside,outside) tcp 234.56.78.x https 10.10.10.10 https netmask 255.255.255.255

or

static (inside,outside) tcp 234.56.78.x 80 10.10.10.10 80
static (inside,outside) tcp 234.56.78.x 443 10.10.10.10 443


ACL

access-list Out_IN permit tcp any host 234.56.78.x eq 80
access-list Out_IN permit tcp any host 234.56.78.x eq 443

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


balaji.bandi
Hall of Fame

You need an ACL and NAT here. Since we do not know your existing config, the high-level config is:

 

 

NAT

object network HTTP_IN
 host 10.10.10.10
 nat (inside,outside) static 234.56.78.x service tcp 80 80
!
object network HTTPS_IN
 host 10.10.10.10
 nat (inside,outside) static 234.56.78.x service tcp 443 443
!

 

ACL to Permit

access-list Out2In permit tcp any host 10.10.10.10 eq 80
access-list Out2In permit tcp any host 10.10.10.10 eq 443
!
access-group Out2In in interface outside

 

Test and advise

BB


Hello @balaji.bandi  @Rob Ingram 

 

It's running on version 8.2, and I think this OS needs slightly different commands. Any help will be appreciated.

 

Thanks,
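
Added example, not part of any reply in this thread: the ACLs posted above use `any` as the source, which admits every Internet host to ports 80 and 443, so the sketch below swaps `any` for an object-group of permitted sources, in both the 8.2 and the 8.3+ form. The source addresses are constructed stand-ins from documentation ranges, ALLOWED_WEB_CLIENTS is a hypothetical name, and 234.56.78.x is the thread's own placeholder.

```cisco
! Constructed sample sources (documentation ranges), not values from the thread.
! ALLOWED_WEB_CLIENTS is a hypothetical object-group name.
object-group network ALLOWED_WEB_CLIENTS
 network-object host 198.51.100.10
 network-object 203.0.113.0 255.255.255.240
!
! ASA 8.2 and earlier: the outside ACL matches the mapped (public) address.
! Use together with the "static (inside,outside) tcp ..." lines from the thread.
access-list Out_IN extended permit tcp object-group ALLOWED_WEB_CLIENTS host 234.56.78.x eq www
access-list Out_IN extended permit tcp object-group ALLOWED_WEB_CLIENTS host 234.56.78.x eq https
access-group Out_IN in interface outside
!
! ASA 8.3 and later: the outside ACL matches the real (private) address.
! Use together with the "object network ... nat ... static" lines from the thread.
access-list Out2In extended permit tcp object-group ALLOWED_WEB_CLIENTS host 10.10.10.10 eq www
access-list Out2In extended permit tcp object-group ALLOWED_WEB_CLIENTS host 10.10.10.10 eq https
access-group Out2In in interface outside
!
! Checks from exec mode (12345 is an arbitrary source port):
!   packet-tracer input outside tcp 198.51.100.10 12345 234.56.78.x 443
!     expected result: allow (source is in the object-group)
!   packet-tracer input outside tcp 192.0.2.77 12345 234.56.78.x 443
!     expected result: drop (implicit deny at the end of the ACL)
!   show access-list Out_IN
!     hit counters should rise only on the two permit lines
```

Only one ACL can be bound per interface and direction, so if the outside interface already has an inbound ACL, add these permit entries to that ACL instead of issuing a new `access-group`, which would replace the existing binding.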

 

 
