Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
888
Views
0
Helpful
5
Replies

Need help with port forwarding

Go to solution
davidwu2007
Level 1
Level 1

‎04-20-2012 07:39 AM - edited ‎03-11-2019 03:56 PM

Hi All,

Need help configuring the ASA 5510 for port forwarding.

I would like to configure the ASA5510 to open port 12345 and forward the traffic to a machine

behind the ASA, which has a IP address of 192.168.1.2.

Thank you!

David

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
varrao
Level 10
Level 10

‎04-20-2012 07:48 AM

What is teh public ip that you have, lets say it is the ASA outside interafce, then:

static (inside,outside) tcp interface 12345 192.168.1.2 12345

and then open the ACL:

access-list outside_access_in permit tcp any interface outside eq 12345

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to davidwu2007

‎04-20-2012 11:42 AM

Hello David,

Varun configuration's is perfect so please mark the question as answered on Varun's reply so future users can learn from your problem.

Now if you want to verifiy the Nat statements you can do a :

Show run static

In order to verifiy is the configuration you placed on your router is the one need it I would recomend you to do a packet-tracer:

packet-tracer input outside tcp 4.2.2.2 1025 interface_ip_address 12345

This will  lead you to all the steps the ASA takes to inspect and determine if a packet is secure or not.

Regards,

DO rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
5 Replies 5

Go to solution
varrao
Level 10
Level 10

‎04-20-2012 07:48 AM

What is teh public ip that you have, lets say it is the ASA outside interafce, then:

static (inside,outside) tcp interface 12345 192.168.1.2 12345

and then open the ACL:

access-list outside_access_in permit tcp any interface outside eq 12345

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

Hope that helps.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
davidwu2007
Level 1
Level 1
In response to varrao

‎04-20-2012 07:57 AM

Thanks,

Yes, it's the ASA's outside interface. 

David

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to davidwu2007

‎04-20-2012 08:02 AM

Then the configuration that i have provided is the correct one, and you can also reference the doc.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
davidwu2007
Level 1
Level 1
In response to varrao

‎04-20-2012 08:59 AM

Thanks again.

One more question, how do I verify it on the ASA 5510?

David

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to davidwu2007

‎04-20-2012 11:42 AM

Hello David,

Varun configuration's is perfect so please mark the question as answered on Varun's reply so future users can learn from your problem.

Now if you want to verifiy the Nat statements you can do a :

Show run static

In order to verifiy is the configuration you placed on your router is the one need it I would recomend you to do a packet-tracer:

packet-tracer input outside tcp 4.2.2.2 1025 interface_ip_address 12345

This will  lead you to all the steps the ASA takes to inspect and determine if a packet is secure or not.

Regards,

DO rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card