06-19-2014 08:34 AM - edited 03-11-2019 09:21 PM
Guys,
How do I achieve this port forwarding on ASA 5505.. Here is the situation
I have one host on inside lan
Host IP: 10.0.0.9
Outside ip: 65.65.65.100 (just an example)
So if a user from outside ssh into port 65.65.65.100:557, I want that traffic to go to 10.0.0.9:22
and if another user from outside ssh into port 65.65.65.100:7111, I want that traffic to go to 10.0.0.9:22
So basically when outside users connects to an IP on two different ports, I want that traffic to go to same host on same port number
Here is what I tried and I get "duplicate entry" error and it wont let me enter the second line
static(inside,outside) tcp 65.65.65.100 557 10.0.0.9 22
static (inside,outside) tcp 65.65.65.100 7111 10.0.0.9 22 <---This line fails
Please help
06-19-2014 02:29 PM
Hi avashifa09,
What comes to my mind right now is what if you upgrade to 8.3 or up and try port forwarding with objects (object network and object service)
I haven't tried yet this on my lab , so it may work or not...
Example of the config:
Object service telnet
service tcp destination eq telnet
object service portx
service tcp destination eq 9999
nat (out,DMZ) source static any any destination static interface dmzserver service portx telnet
Hope this helps.
Regards,
10-14-2014 09:09 PM
8.3 or high version supports this.. I was able to achieve it by upgrading to 8.3 or higher version. Sorry about posting this late
06-19-2014 02:43 PM
Here is the configuration that you need:
access-list ssh_557 permit tcp host 10.0.0.9 eq 22 any
access-list ssh_7111 permit tcp host 10.0.0.9 eq 22 any
static (inside,outside) tcp 65.65.65.100 557 access-list ssh_557
static (inside,outside) tcp 65.65.65.100 7111 access-list ssh_7111
ciscoasa(config)# show xlate detail
2 in use, 2 most used
Flags: D - DNS, d - dump, I - identity, i - dynamic, n - no random,
r - portmap, s - static
TCP PAT from inside:10.0.0.9/22 to outside(ssh_557):65.65.65.100/557 flags sr
TCP PAT from inside:10.0.0.9/22 to outside(ssh_7111):65.65.65.100/7111 flags sr
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide