confused asa 5520 port redirect

zhendong xu
Level 1

Hi,

The network is simple, like this:

           lan-------------(gi 1)--asa5520--(gi 0)--------------wan

LAN subnet is: 192.168.0.0/24

WAN: only one IP address, 1.1.1.1

The requirement was: allow all LAN hosts access to the internet.

There is a www server (192.168.1.10) in the LAN. I need it to serve the internet.

I configured the ASA like this:

     interface gi 0
          nameif outside
          ip add 1.1.1.1 255.255.255.252

     interface gi 1
          nameif inside
          ip add 192.168.1.1

     object network lan_hosts
          subnet 192.168.1.0 255.255.255.0
          nat (inside,outside) dynamic interface

     object network www_host
          host 192.168.1.10
          nat (inside,outside) static interface service tcp http http

After that, I accessed http://1.1.1.1 from the internet, but the port redirection didn't work.

What's wrong?

Can someone help me?

Thanks.

Accepted Solutions

Jouni Forss
VIP Alumni

Hi,

Although I can't see anything wrong with the actual NAT configurations, I would suggest the following for them.

Default PAT for LAN:

     object-group network DEFAULT-PAT-LAN-SOURCE
          network-object 192.168.1.0 255.255.255.0

     nat (any,outside) after-auto source dynamic DEFAULT-PAT-LAN-SOURCE interface

The port forward configurations you can leave as is.

Have you also opened the traffic with an ACL?

For example:

     access-list OUTSIDE-IN Remark Allow HTTP for Server
     access-list OUTSIDE-IN permit tcp any object www_host eq www

     access-group OUTSIDE-IN in interface outside

Please rate if you have found the information helpful. Ask more questions if needed.

- Jouni

Thanks.

I am a new guy to the Cisco ASA firewall.

I forgot to add an access-list on the outside.

Now everything works fine.

No problem,

Please rate and mark the question as answered.

- Jouni
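
An added example, not part of the original thread: a Python check for the failure mode resolved above, where a static port forward exists but no inbound ACL on the mapped interface permits it. The sample configs are constructed from the thread's commands; the function name `audit` and the parsing rules (ASA 8.3+ object NAT, ACL matched against the server's real address and port, `show running-config` style indentation) are assumptions of this example.

```python
import re

PORTS = {"www": 80, "http": 80, "https": 443}  # only the ASA port keywords used here

def port(tok):
    return PORTS.get(tok) or int(tok)

def audit(config):
    """List static port forwards that no inbound ACL on the mapped interface permits."""
    hosts, forwards, groups, permits, obj = {}, [], {}, [], None
    for line in config.splitlines():
        t = [x for x in line.split() if x != "extended"]
        if not t:
            continue
        if t[:2] == ["object", "network"]:
            obj = t[2]
        elif not line[0].isspace():        # unindented line ends the object block
            obj = None
        if obj and t[0] == "host":
            hosts[obj] = t[1]
        elif obj and t[0] == "nat" and "static" in t and "service" in t:
            mapped_ifc = t[1].strip("()").split(",")[1]
            s = t.index("service")         # service <proto> <real_port> <mapped_port>
            forwards.append((obj, mapped_ifc, t[s + 1], port(t[s + 2])))
        elif t[0] == "access-group" and t[2:4] == ["in", "interface"]:
            groups[t[4]] = t[1]            # interface -> inbound ACL name
        elif t[0] == "access-list" and t[2] == "permit":
            permits.append((t[1], " ".join(t[3:])))
    findings = []
    for name, ifc, proto, rport in forwards:
        acl = groups.get(ifc)
        dst = rf"(object {re.escape(name)}|host {re.escape(hosts.get(name, '-'))}|any4?)"
        rule = re.compile(rf"^{proto} .*\b{dst} eq (\S+)$")
        ok = any(a == acl and (m := rule.match(r)) and port(m.group(2)) == rport
                 for a, r in permits)
        if not ok:                         # last field: ACL lacking the permit, if any
            findings.append((name, ifc, proto, rport, acl or "no access-group"))
    return findings

# Constructed sample input: the port forward as posted, then with the suggested ACL.
BEFORE = """
object network www_host
 host 192.168.1.10
 nat (inside,outside) static interface service tcp http http
"""
AFTER = BEFORE + """
access-list OUTSIDE-IN permit tcp any object www_host eq www
access-group OUTSIDE-IN in interface outside
"""
```

`audit(BEFORE)` reports the `www_host` forward as unreachable from the outside interface, and `audit(AFTER)` returns an empty list; note that the NAT line says `http` while the ACL says `www`, so both keywords have to resolve to port 80.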
