PORT FORWARDING ASA 5510

alexa
Level 1

Hello all,

I have a request to enable port forwarding for a camera on my Cisco ASA 5510 and then port forward to internal local IP addresses. From an outside address, users should be able to access the camera.

I have attached my running config so you can see what I currently have.

For example, the ports I require are as follows:

Service name "CAMERA_CAOUNT": this needs to allow TCP port 220000 & UDP 22000 to internal IP address 10.2.4.35 from a static IP address on the outside.

This is what I have set up, and it's not working:

object network Internal_Camera_Server-01
host 10.2.4.35
nat (inside,outside) static interface service tcp 220000 220000
access-list inbound permit tcp any object Internal_Camera_Server-01 eq 220000
object network Internal_Camera_Server-02
host 10.2.4.35
nat (inside,outside) static interface service udp 22000 22000
access-list inbound permit up any object Internal_Camera_Server-01 eq 22000
access-group inbound in interface outside

Any help would be greatly appreciated.

Thanks

Accepted Solutions

Peter Long
Level 1

As I posted in your other question to Port Forward:

! Forward TCP 22000 on the outside interface to the camera
object network Internal_Camera_Server-01
host 10.2.4.35
nat (inside,outside) static interface service tcp 22000 22000
access-list inbound permit tcp any object Internal_Camera_Server-01 eq 22000
! Forward UDP 22000 on the outside interface to the camera
object network Internal_Camera_Server-02
host 10.2.4.35
nat (inside,outside) static interface service udp 22000 22000
access-list inbound permit udp any object Internal_Camera_Server-01 eq 22000
access-group inbound in interface outside

Should do you, assuming you don't already have an 'inbound' access list.

But you specified you wanted a static NAT, NOT port forwarding, so here's how to do that from public IP 123.123.123.123:

! Permit TCP and UDP 22000 to the camera's real (inside) address
access-list inbound permit tcp any host 10.2.4.35 eq 22000
access-list inbound permit udp any host 10.2.4.35 eq 22000
access-group inbound in interface outside
! One-to-one static NAT of the camera to the public IP
object network obj-10.2.4.35
host 10.2.4.35
nat (inside,outside) static 123.123.123.123

Pete

Gregory Leeson
Level 1

Hi

 

It looks like you have the wrong TCP port.  Port ranges go up to 65,535.  You may have an extra zero in there.  I'd start with that and see if it fixes your issue.

 

Greg

I just mistyped the port #.
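The port-range point raised in this thread, as an added example (not part of the original posts and not Cisco tooling): a small Python check run over the configuration as first posted, flagging ports above 65535, protocol keywords other than tcp/udp, and NAT services with no matching ACL permit. The regexes cover only the two line shapes shown in this thread; `lint` and `POSTED_CONFIG` are names made up for the example.

```python
import re

VALID_PROTOCOLS = {"tcp", "udp"}
MAX_PORT = 65535  # TCP and UDP port numbers are 16-bit values

# Only the two line shapes that appear in this thread are recognised.
NAT_RE = re.compile(r"^nat \(\S+,\S+\) static \S+ service (\S+) (\d+) (\d+)$")
ACL_RE = re.compile(r"^access-list (\S+) permit (\S+) .* eq (\d+)$")

# The configuration as first posted in the thread.
POSTED_CONFIG = """\
object network Internal_Camera_Server-01
host 10.2.4.35
nat (inside,outside) static interface service tcp 220000 220000
access-list inbound permit tcp any object Internal_Camera_Server-01 eq 220000
object network Internal_Camera_Server-02
host 10.2.4.35
nat (inside,outside) static interface service udp 22000 22000
access-list inbound permit up any object Internal_Camera_Server-01 eq 22000
access-group inbound in interface outside
"""

def lint(config):
    """Return a list of findings for NAT service and ACL lines."""
    findings = []
    nat_services, acl_services = set(), set()
    for num, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        nat, acl = NAT_RE.match(line), ACL_RE.match(line)
        if nat:
            proto, ports, seen = nat.group(1), nat.group(2, 3), nat_services
        elif acl:
            proto, ports, seen = acl.group(2), (acl.group(3),), acl_services
        else:
            continue
        if proto not in VALID_PROTOCOLS:
            findings.append(f"line {num}: unknown protocol '{proto}'")
        for port in sorted(set(ports)):
            if not 1 <= int(port) <= MAX_PORT:
                findings.append(f"line {num}: port {port} outside 1-{MAX_PORT}")
        # The first NAT port is the real port, which is what the ACL must match.
        seen.add((proto, int(ports[0])))
    # A forwarded service needs an ACL permit for the same protocol and port.
    for proto, port in sorted(nat_services - acl_services):
        findings.append(f"NAT {proto}/{port} has no matching ACL permit")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(POSTED_CONFIG)))
```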
