Enable port Forwarding in ASA 5506

guillermo_cisco
Level 1

Hello!!

I need to enable port forwarding for ports 443, 80, 33389, and redirect it to my LAN server from 192.168.0 to access Public IP.

I have enabled the following NAT rules:

object network obj-Servidor
 host 192.168.0.251

object service HTTP
 service tcp source eq 80

object service HTTPS
 service tcp source eq 443

object service RDP
 service tcp source eq 3389

nat (inside,outside) source static obj-Servidor interface service HTTP HTTP
nat (inside,outside) source static obj-Servidor interface service HTTPS HTTPS
nat (inside,outside) source static obj-Servidor interface service RDP RDP

What else do I need??
Thanks for the help!!

4 Replies

Shivapramod M
Level 1

Hi,

You are correct. You can create 3 static NAT on the ASA with different services.

Other than the NAT you need to configure the ACL with the destination as the real IP address.

But in your above NAT configuration I do not see the mapped IP address.

nat (inside,outside) source static real_IP mapped_IP service real_port mapped_port

Hope this helps,

Shivapramod M

Thanks for the answer Shivapramod M. Could you give me an example of the syntax for the ACL please??

Hi Guillermo,

I believe you have a public IP address outside and you would like to map it to a real IP with the port. Please correct me if it is incorrect.

Sample configuration for the ACL:

access-list outside_in extended permit tcp any host <real IP address>

access-group outside_in in interface outside ---(add it to the access group which you have)

Thanks,

Shivapramod M

P.S. Please rate helpful posts.

Thanks Shivapramod M, you were a great help, this is the final configuration:

nat (inside,outside) source static obj-Servidor interface service HTTP HTTP
nat (inside,outside) source static obj-Servidor interface service HTTPS HTTPS
nat (inside,outside) source static obj-Servidor interface service RDP RDP

access-list outside_access_in_SERVIDOR extended permit tcp any host 192.168.0.251 eq www
access-list outside_access_in_SERVIDOR extended permit tcp any host 192.168.0.251 eq https
access-list outside_access_in_SERVIDOR extended permit tcp any host 192.168.0.251 eq 3389

Best Regards!!
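
An added example, not part of the thread and not Cisco tooling: a short Python audit that checks, for each interface static PAT rule, that an ACL permits the real IP and port, that the ACL is applied with access-group on the mapped interface, and whether RDP is reachable from any source. The sample input is constructed from the lines posted above; the function name, finding codes and the ADMIN_PORTS set are assumptions made for illustration.

```python
import re

# Constructed input: the object definitions and final configuration posted in
# the thread. It has no access-group line because the final post shows none.
SAMPLE = """\
object network obj-Servidor
 host 192.168.0.251
object service HTTP
 service tcp source eq 80
object service HTTPS
 service tcp source eq 443
object service RDP
 service tcp source eq 3389
nat (inside,outside) source static obj-Servidor interface service HTTP HTTP
nat (inside,outside) source static obj-Servidor interface service HTTPS HTTPS
nat (inside,outside) source static obj-Servidor interface service RDP RDP
access-list outside_access_in_SERVIDOR extended permit tcp any host 192.168.0.251 eq www
access-list outside_access_in_SERVIDOR extended permit tcp any host 192.168.0.251 eq https
access-list outside_access_in_SERVIDOR extended permit tcp any host 192.168.0.251 eq 3389
"""
NAMED_PORTS = {"www": 80, "https": 443}  # the ASA shows these ports by name
ADMIN_PORTS = {3389}  # assumption: ports that deserve a source restriction

def to_port(token):
    return NAMED_PORTS.get(token) or int(token)

def audit(config):
    """Return (code, detail) findings for each 'interface' static PAT rule."""
    hosts = dict(re.findall(r"^object network (\S+)\n host (\S+)", config, re.M))
    ports = {n: to_port(p) for n, p in re.findall(
        r"^object service (\S+)\n service tcp source eq (\S+)", config, re.M)}
    nats = re.findall(
        r"^nat \(\w+,(\w+)\) source static (\S+) interface service (\S+) \S+", config, re.M)
    permits = re.findall(r"^access-list (\S+) extended permit tcp "
                         r"(any|host \S+|\S+ \S+) host (\S+) eq (\S+)", config, re.M)
    bound = set(re.findall(r"^access-group (\S+) in interface (\w+)", config, re.M))
    findings = []
    for iface, obj, svc in nats:
        real_ip, port = hosts[obj], ports[svc]
        # Since 8.3 the ACL must name the real (inside) address, not the mapped one.
        hits = [(acl, src) for acl, src, dst, p in permits
                if dst == real_ip and to_port(p) == port]
        if not hits:
            findings.append(("NO_PERMIT", f"{real_ip}:{port}"))
            continue
        if not any((acl, iface) in bound for acl, _ in hits):
            findings.append(("ACL_NOT_BOUND", f"{hits[0][0]} on {iface} for port {port}"))
        if port in ADMIN_PORTS and any(src == "any" for _, src in hits):
            findings.append(("OPEN_ADMIN_PORT", f"{real_ip}:{port} from any"))
    return findings
```

Calling audit(SAMPLE) reports ACL_NOT_BOUND for all three ports, because the posted lines include no access-group statement, and OPEN_ADMIN_PORT for 3389.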
