06-04-2018 02:15 AM - edited 02-21-2020 07:50 AM
Morning,
I have been asked to sort out an ASA5505 for a team for 3rd party access to a stand-alone system.
The request is to have a single external IP (eg. 81.0.0.1) which will redirect particular ports to the list below.
Port IP
6616 192.168.101.30
6617 192.168.101.30
6618 192.168.101.30
6619 192.168.101.30
6620 192.168.101.30
6621 192.168.101.30
6622 192.168.101.30
Port IP
6080 192.168.101.80
6443 192.168.101.80
6554 192.168.101.80
Port IP
6081 192.168.101.50
6442 192.168.101.50
6552 192.168.101.50
I am running ASA 9.1.7 and ASDM 7.9.
Is anyone able to assist?
06-04-2018 03:48 AM
You could configure nat something like this:
object network 192.168.101.30-6616
 host 192.168.101.30
 nat (INSIDE,OUTSIDE) static 81.0.0.1 service tcp 6616 6616
You would also need to permit traffic on the outside acl.
HTH
Bogdan
06-04-2018 03:53 AM
Chris,
NAT and ACLs will do this.
First you will need to put an ACL in place to allow all these ports you added in your original post,
use something like (this uses a range of ports as an example). You obviously need at least two NAT rules to distinguish between the two IP addresses of the servers.
!
object network Obj-Internal-Server
 host 10.2.2.10
!
object service Obj-Ports-Range
 service tcp destination range 1000 2000
!
access-list inbound extended permit tcp any host 10.2.2.10 range 1000 2000
!
access-group inbound in interface outside
!
nat (outside,inside) source static any any destination static interface Obj-Internal-Server service Obj-Ports-Range Obj-Ports-Range
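
Added example, not from any of the posters: a Python generator that expands the port table in the question into per-port object NAT entries of the form shown in the first reply, plus an ACL that permits only those ports. The `PF-` object names, the `inside`/`outside` interface names, the `OUTSIDE_IN` ACL name and the 203.0.113.0/24 source network are assumptions.

```python
# Added example: build ASA 8.3+ object NAT and ACL lines from the port table in the question.
from ipaddress import ip_address, ip_network

# Port-to-host table from the original post.
FORWARDS = {
    "192.168.101.30": [6616, 6617, 6618, 6619, 6620, 6621, 6622],
    "192.168.101.80": [6080, 6443, 6554],
    "192.168.101.50": [6081, 6442, 6552],
}

def build_config(forwards, mapped="81.0.0.1", source="203.0.113.0/24",
                 inside="inside", outside="outside", acl="OUTSIDE_IN"):
    """Return ASA config lines: one static PAT object per port plus a matching ACL.

    mapped  -- public address from the post; pass "interface" if it is the
               outside interface's own address.
    source  -- third party's network (constructed placeholder, RFC 5737 range).
    inside/outside/acl -- assumed nameif and ACL names.
    """
    if mapped != "interface":
        ip_address(mapped)                        # raises ValueError if malformed
    net = ip_network(source)
    src = f"{net.network_address} {net.netmask}"  # ASA ACLs take netmasks, not wildcards
    seen, nat, rules = set(), [], []
    for host, ports in forwards.items():
        ip_address(host)
        for port in ports:
            if not 1 <= port <= 65535:
                raise ValueError(f"bad port {port}")
            if port in seen:                      # one public port can map to one host only
                raise ValueError(f"port {port} forwarded twice")
            seen.add(port)
            nat += [f"object network PF-{host}-{port}",
                    f" host {host}",
                    f" nat ({inside},{outside}) static {mapped} service tcp {port} {port}"]
            # From 8.3 on, the ACL matches the real (inside) address, not 81.0.0.1.
            rules.append(f"access-list {acl} extended permit tcp {src} host {host} eq {port}")
    return nat + rules + [f"access-group {acl} in interface {outside}"]

if __name__ == "__main__":
    print("\n".join(build_config(FORWARDS)))
```

If an ACL is already bound inbound on the outside interface, add the permit lines to that ACL instead of applying a new `access-group`, since only one ACL per direction can be attached to an interface.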