04-20-2012 07:39 AM - edited 03-11-2019 03:56 PM
Hi All,
Need help configuring the ASA 5510 for port forwarding.
I would like to configure the ASA5510 to open port 12345 and forward the traffic to a machine
behind the ASA, which has a IP address of 192.168.1.2.
Thank you!
David
Solved! Go to Solution.
04-20-2012 07:48 AM
What is teh public ip that you have, lets say it is the ASA outside interafce, then:
static (inside,outside) tcp interface 12345 192.168.1.2 12345
and then open the ACL:
access-list outside_access_in permit tcp any interface outside eq 12345
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml
Hope that helps.
Thanks,
Varun
04-20-2012 11:42 AM
Hello David,
Varun configuration's is perfect so please mark the question as answered on Varun's reply so future users can learn from your problem.
Now if you want to verifiy the Nat statements you can do a :
Show run static
In order to verifiy is the configuration you placed on your router is the one need it I would recomend you to do a packet-tracer:
packet-tracer input outside tcp 4.2.2.2 1025 interface_ip_address 12345
This will lead you to all the steps the ASA takes to inspect and determine if a packet is secure or not.
Regards,
DO rate all the helpful posts
Julio
04-20-2012 07:48 AM
What is teh public ip that you have, lets say it is the ASA outside interafce, then:
static (inside,outside) tcp interface 12345 192.168.1.2 12345
and then open the ACL:
access-list outside_access_in permit tcp any interface outside eq 12345
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml
Hope that helps.
Thanks,
Varun
04-20-2012 07:57 AM
Thanks,
Yes, it's the ASA's outside interface.
David
04-20-2012 08:02 AM
Then the configuration that i have provided is the correct one, and you can also reference the doc.
Thanks,
Varun
04-20-2012 08:59 AM
Thanks again.
One more question, how do I verify it on the ASA 5510?
David
04-20-2012 11:42 AM
Hello David,
Varun configuration's is perfect so please mark the question as answered on Varun's reply so future users can learn from your problem.
Now if you want to verifiy the Nat statements you can do a :
Show run static
In order to verifiy is the configuration you placed on your router is the one need it I would recomend you to do a packet-tracer:
packet-tracer input outside tcp 4.2.2.2 1025 interface_ip_address 12345
This will lead you to all the steps the ASA takes to inspect and determine if a packet is secure or not.
Regards,
DO rate all the helpful posts
Julio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide