Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

4302
Views
0
Helpful
1
Replies
jschowalter
Beginner
Beginner
‎06-22-2012 02:29 PM
‎06-22-2012 02:29 PM

Configure Port Forwarding to Multiple Internal IP Addresses

ASA 5505 Firmware 8.3(4), ADSM 6.4(2)

Here is what I am trying to do...

I have a public IP address of 168.87.3.4

I need to forward ports (5060, 5080, etc.) to one internal address. (192168.1.1)

I need to foward different ports (10020-10080) to a different internal address (192.168.1.2)

Everything I read tells me how to do this in a 1 to 1 static NAT, but I cannot find any information on how to the above.

Labels:
0 Helpful
1 REPLY 1
Jose Pena
Beginner
Beginner
‎06-22-2012 08:39 PM
‎06-22-2012 08:39 PM

Justin, this sample is for ASA 8.4(3)

Single port from Internet to single LAN IP

object network LAN-PC1

host 10.10.100.50

object-group service LAN-PC1-8000 tcp

object-port eq 8000

access-list incoming extended permite tcp any object LAN-PC1 object-group LAN-PC1-8000 tcp

object network LAN-PC1

nat (any,outside) static interface service tcp 8000 8000

In the single port forwarding if you want to forward different ports from the Internface outside IP, you have to create a single object group per port.

This sample is more that one port to a single internal IP

object network LAN-SERVER01

host 10.10.100.10

object network WAN-SERVER01

host 8.8.8.8

object-group service LAN-SERVER-01-PORTS tcp

object-port eq 25

object-port eq 80

object-port eq 443

access-list incoming extended permite tcp any object LAN-SERVER01 object-group LAN-SERVER-01-PORTS tcp

object network LAN-SERVER01

nat (any,outside) static WAN-SERVER01

In multiports to a single LAN IP, you have to set all ports in group for a single LAN IP.

I hope this help enough.

Regards.

Jos.

0 Helpful
Latest Contents
CCIE Security in a Remote and Cloud Driven Network: SASE and...
Created by ciscomoderator on 04-22-2021 05:41 PM
0
0
0
0
Meet the Authors Event - CCIE Security in a Remote and Cloud Driven Network: SASE and Beyond (Live event – Thursday, 29th, 2021 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris) This event will have place on Thursday 29th, April 2021 at 10... view more
Cisco and Radware - Securing your digital future
Created by Kelli Glass on 04-21-2021 05:16 PM
0
0
0
0
  Application Protection, Availability & Security Join our webinar May 6th to gain valuable industry insights into the most recent application cyber attacks and to understand the potential impact bot traffic is having on your business. Lear... view more
Cisco Wants your Feedback on the Secure Firewall Management ...
Created by caiharve on 04-21-2021 04:36 PM
0
0
0
0
Review the Cisco Secure Firewall Management Center (formally named "Firepower Management Center") on TrustRadius and receive a $25 gift card!     
ISE as RADIUS server for Password + Smart Card Authenticatio...
Created by deepuvarghese1 on 04-17-2021 06:22 AM
1
10
1
10
The purpose of this document is to demonstrate how ISE authenticate / authorize a user that uses a smart card (PIN + Certificate) and password mechanism to login their system. This document describes the components used for this setup, configuration of IS... view more
Email Security - QuoVadis Root Certificate Decommission Migh...
Created by dmccabej on 03-30-2021 09:32 AM
0
0
0
0
Problem Description For all versions of the Email Security Appliance (ESA) and Security Management Appliance (SMA), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot b... view more
Content for Community-Ad