Hi,So , if i understand it

Pius Nolih · ‎07-08-2015

Hi,

I have an ISP NAT router connecting to the Internet on WAN interface and connecting to ASA5525 ver9.2 on LAN interface.

Because ISP is already doing NATing as configured by the ISP, I have no choice but to do NATing on the firewall. here is the basic setup.

ISP Router

WAN - 203.78.56.12

LAN - 172.168.16.4

Firewall

WAN - 172.168.16.2

LAN - 172.168.17.18

Below is the NAT config on the ISP router which I am trying to allow Port forwarding to a server behind the firewall

ip nat inside source list NAT-LIST interface Virtual-PPP10 overload
ip nat inside source static tcp 172.168.16.2 3389 interface Virtual-PPP10 3389
ip route 0.0.0.0 0.0.0.0 Virtual-PPP10
!
ip access-list standard NAT-LIST
permit 172.168.0.0 0.0.255.255

The Firewall config is as follows:

nat (any,Outside) source dynamic any interface

!

object network InsideNetwork

nat (Inside,Outside) static 172.168.17.206 service tcp 3389 3389

any help would be greatly appreciated

Pius Nolih · ‎07-08-2015

Appologies....Any help on allowing Port forwarding on Double NAT would be greatly apprceiated

Vibhor Amrodia · ‎07-09-2015

Hi,

So , if i understand it correctly , this is the setup:-

PC(172.168.17.18) >> (INSIDE)ASA (OUTSIDE)>>(LAN) ISP(WAN)203.78.56.12

Router:-
ip nat inside source static tcp (This should be the ASA OUtside interface IP) 3389 interface Virtual-PPP10 3389

ASA:-

object network obj-172.168.17.18

host 172.168.17.18

nat (inside,outside) static interface service tcp 3389 3389

Thanks and Regards,

Vibhor Amrodia

Pius Nolih · ‎07-09-2015

Hi Vibhor,

Here is a clear setup. Let me know if the Diagram is not clear.

Currently as it is, Internet is working accept for Port Forwarding.