09-26-2013 08:53 AM - edited 03-11-2019 07:44 PM
Good day,
I would like to forward traffic to several devices behind my ASA...
Outside 10.10.10.2
i.e. 10.20.61.4, Object4
10.20.61.5 Object5
10.20.61.6 Object6
access-list Outside_access_in extended permit tcp any object Object4 eq 6894
access-list Outside_access_in extended permit tcp any object Object4 eq 6895
Need to know if this is possible.
09-26-2013 10:45 AM
It is possible, but you will also need a static PAT. Assuming you are using the interface IP of outside, the following should work:
object network Object4_6894
 host 10.20.61.4
 nat (inside,outside) static interface service tcp 6894 6894
object network Object4_6895
 host 10.20.61.4
 nat (inside,outside) static interface service tcp 6895 6895
09-26-2013 12:16 PM
I'm sorry, let me change that. I realize that what we need is something a little different.
We have only one port number but would like to access three different time clocks. The port number is 5402.
Outside 10.10.10.102. Can we do something like this attached example?
http://www.noip.com/support/knowledgebase/multiple-servers-behind-a-nat-router/
09-26-2013 12:30 PM
Hi Roger,
You'd then do something like this:
object network Object4_6894
 host 10.20.61.4
 nat (inside,outside) static interface service tcp 5402 6894
object network Object5_6895
 host 10.20.61.5
 nat (inside,outside) static interface service tcp 5402 6895
object network Object6_6896
 host 10.20.61.6
 nat (inside,outside) static interface service tcp 5402 6896
This config would allow all your internal servers to have the same port (5402), but someone from outside would contact them on different ports (6894-6896).
Is this what you were looking for?
09-26-2013 01:04 PM
Ok....
So the ACL would look like this?
access-list outside_access_in extended permit tcp any object Object4_6894 eq 5402
and the like for the others?
or
access-list outside_access_in extended permit tcp any object Object4_6894 eq 6894
09-26-2013 01:20 PM
ACLs would have 5402 (the original port number)
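The rule from the last reply (the ACL matches the real port, not the mapped one) can be checked mechanically. The script below is an added example, not part of the original thread or Cisco's tooling: it audits a config for static PAT objects whose ACL entry is missing or uses the mapped port. The names `audit_static_pat` and `SAMPLE_CONFIG` are hypothetical, the sample config is constructed from the thread's objects, and it assumes ACL entries use the `object <name>` form.

```python
import re

# Constructed sample: the thread's object NAT, with one correct ACL entry,
# one entry that wrongly uses the mapped port, and one object with no entry.
SAMPLE_CONFIG = """\
object network Object4_6894
 host 10.20.61.4
 nat (inside,outside) static interface service tcp 5402 6894
object network Object5_6895
 host 10.20.61.5
 nat (inside,outside) static interface service tcp 5402 6895
object network Object6_6896
 host 10.20.61.6
 nat (inside,outside) static interface service tcp 5402 6896
access-list outside_access_in extended permit tcp any object Object4_6894 eq 5402
access-list outside_access_in extended permit tcp any object Object5_6895 eq 6895
"""

# service tcp <real-port> <mapped-port>
NAT_RE = re.compile(r"nat \(\S+,\S+\) static interface service tcp (\d+) (\d+)")
ACL_RE = re.compile(r"access-list \S+ extended permit tcp \S+ object (\S+) eq (\d+)")


def audit_static_pat(config):
    """Return {object_name: verdict} for every object that carries a static PAT."""
    pats, acl_ports, current = {}, {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("object network "):
            current = line.split()[2]
        elif current and (m := NAT_RE.match(line)):
            pats[current] = (int(m.group(1)), int(m.group(2)))  # (real, mapped)
        elif m := ACL_RE.match(line):
            acl_ports.setdefault(m.group(1), set()).add(int(m.group(2)))
    verdicts = {}
    for name, (real, mapped) in pats.items():
        ports = acl_ports.get(name, set())
        if real in ports:
            verdicts[name] = "ok"
        elif mapped in ports:
            verdicts[name] = "acl uses mapped port %d, expected real port %d" % (mapped, real)
        else:
            verdicts[name] = "no acl entry for real port %d" % real
    return verdicts


if __name__ == "__main__":
    for name, verdict in audit_static_pat(SAMPLE_CONFIG).items():
        print(name, "->", verdict)
```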