Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1503
Views
0
Helpful
3
Replies

Cisco ASA port forwarding to non direct connect host

rodrigo-haim
Level 1
Level 1

‎12-12-2019 06:30 AM

Hello, I wanted to know if Cisco ASA support a port forwarding to host who is not directly connected, and the ASA learns this host via static route.

 

Regards,

 

Rodrigo Haim

Labels:
0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎12-12-2019 07:04 AM

Hi,

Yes you can do that. You can create a NAT object and create a rule in your ACL example:-

 

object nat SRV1
 host 10.2.2.5
 nat (inside,outside) static 1.1.1.1 service tcp 80 80

access-list OUTSIDE_IN permit tcp any host 10.2.2.5 eq 80

As long as the ASA can route to the real IP address (in this example 10.2.2.5) then the NAT will work.

 

HTH

0 Helpful

rodrigo-haim
Level 1
Level 1
In response to Rob Ingram

‎12-13-2019 06:31 AM

Hello, thank you for the answer,

So the host 1.1.1.1 is known by static route because is not direct connected?

Do we have to configure nat for the host 1.1.1.1 to have internet access? Or is not necessary?

 

Regards,

 

Rodrigo Haim

0 Helpful

Rob Ingram
VIP
VIP
In response to rodrigo-haim

‎12-13-2019 07:18 AM

In this example 1.1.1.1 is the natted IP address, it could be the actual interface of the ASA in required. You would need a route on the ASA to the real IP address (in this example 10.2.2.5) assuming it is not directly connected. This example is natting the public IP address 1.1.1.1 to the private IP address 10.2.2.5 on port 80.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card