Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
618
Views
0
Helpful
1
Replies

Port forwarding and port redirection

bogpsycho
Level 1
Level 1

‎04-04-2012 12:20 PM - edited ‎03-11-2019 03:50 PM

Hello everybody ! I'm new at the ASA5500 domain. I have a question: How can I redirect traffic coming on a port to a machine inside the lan listening to another port ? I would like to use ASDM.

Thank you in advance.

Labels:
0 Helpful
1 Reply 1

llamaw0rksE
Level 1
Level 1

‎04-06-2012 07:26 AM

Will assume for your example that external users corporate can only use port 80 outbound from their network.  THey need to access port 7777 behind the asa on a private inside host.

object network extuser

host 24.223.23.16

object network PCwith_Server

host 192.168.2.12

object network Nat4portforwardingService

host 192.168.2.12

object service specialfunction

service tcp destination eq 7777

object service corporate_port

service tcp destination eq 80

object-group catchall

service-object service special function

sercive-object service corporate_port

NOTE: I create the two service objects ports involved and lump them into a group object  for the acl rule.  It is still not clear in my mind how the asa actuallyhandles acls and nat in order due to a poorly documented support and  unnat process evident in packet tracing.   Normally according to docs ACLs are done first then nat, so one would expect in our example that port 80 only needs to have an outside ACL rule.  Due to experience I put both in the acl rule.......

-----------------------------------------------------------------------------------

ideally only need acl for port 80

access-list outside_access_in extended permit object corporate_port object extuser object PCwith_Server

to be safe this is what I use......

access-list outside_access_in extended permit object-group catchall  object extuser object PCwith_Server

(for any external user replace 'object extuser' with 'any'

-------------------------------------------------------------------------------------

object network NAT4portforwardingService

nat (inside,outside) static interface service  tcp 7777 www

---------------------------------------------------------------------------------------

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card