
Cisco ASA5505 Single external IP to 3 multiple internal locations

bryant496
Level 1

Morning,

 

I have been asked to sort out an ASA5505 for a team for 3rd party access to a stand-alone system.

The request is to have a single external IP (e.g. 81.0.0.1) which will redirect particular ports to the list below.

 

Port    IP
6616    192.168.101.30
6617    192.168.101.30
6618    192.168.101.30
6619    192.168.101.30
6620    192.168.101.30
6621    192.168.101.30
6622    192.168.101.30

Port    IP
6080    192.168.101.80
6443    192.168.101.80
6554    192.168.101.80

Port    IP
6081    192.168.101.50
6442    192.168.101.50
6552    192.168.101.50

 

I am running ASA 9.1.7 and ASDM 7.9.

 

Is anyone able to assist?

2 Replies

Bogdan Nita
VIP Alumni

You could configure nat something like this:

object network 192.168.101.30-6616
 host 192.168.101.30
 nat (INSIDE,OUTSIDE) static 81.0.0.1 service tcp 6616 6616

You would also need to permit traffic on the outside acl.

 

HTH

Bogdan

Dennis Mink
VIP Alumni

Chris,

 

 

NAT and ACLs will do this.

First you will need to put an ACL in place to allow all these ports you added in your original post.

Use something like (this uses a range of ports as an example). You obviously need at least two NAT rules to distinguish between the two IP addresses of the servers.

 

!
object network Obj-Internal-Server
 host 10.2.2.10
!
object service Obj-Ports-Range
 service tcp destination range 1000 2000
access-list inbound extended permit tcp any host 10.2.2.10 range 1000 2000
!
access-group inbound in interface outside
nat (outside,inside) source static any any destination static interface Obj-Internal-Server service Obj-Ports-Range Obj-Ports-Range

 

Please remember to rate useful posts, by clicking on the stars below.
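
Added example (not part of either reply, and not Cisco's code): a small Python generator that expands the port list from the question into the object NAT form shown in the first reply plus matching ACL entries, and rejects a port mapped to two hosts. The interface names `inside`/`outside`, the ACL name `OUTSIDE_IN` and the third-party source address 203.0.113.10 are assumptions.

```python
import ipaddress

# Port-to-host mapping copied from the question; 81.0.0.1 is its example external IP.
FORWARDS = {
    "192.168.101.30": [6616, 6617, 6618, 6619, 6620, 6621, 6622],
    "192.168.101.80": [6080, 6443, 6554],
    "192.168.101.50": [6081, 6442, 6552],
}
EXTERNAL_IP = "81.0.0.1"


def build_config(forwards, external_ip, source="any",
                 inside="inside", outside="outside", acl="OUTSIDE_IN"):
    """Return ASA 8.3+ object NAT and ACL lines for static TCP port forwards.

    source is the ACL source: "any", or "host <ip>" for a known third party.
    Interface names and the ACL name are assumptions; match them to the device.
    """
    if external_ip != "interface":              # keyword for the interface's own IP
        ipaddress.ip_address(external_ip)       # raises ValueError if malformed
    seen = {}                                   # external port -> internal host
    nat, rules = [], []
    for host, ports in forwards.items():
        ipaddress.ip_address(host)
        for port in ports:
            if not 1 <= port <= 65535:
                raise ValueError(f"invalid TCP port {port}")
            if port in seen:
                # One external IP can forward a given port to only one host.
                raise ValueError(
                    f"port {port} mapped to both {seen[port]} and {host}")
            seen[port] = host
            nat += [f"object network {host}-{port}",
                    f" host {host}",
                    f" nat ({inside},{outside}) static {external_ip}"
                    f" service tcp {port} {port}"]
            # From 8.3 on, the ACL matches the real (internal) address.
            rules.append(f"access-list {acl} extended permit tcp {source}"
                         f" host {host} eq {port}")
    return nat + rules + [f"access-group {acl} in interface {outside}"]


if __name__ == "__main__":
    # 203.0.113.10 is a placeholder for the third party's source address.
    print("\n".join(build_config(FORWARDS, EXTERNAL_IP,
                                 source="host 203.0.113.10")))
```

If 81.0.0.1 is the ASA's own outside interface address, pass `interface` as `external_ip`, since ASA expects that keyword rather than the address in the nat line.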
