12-21-2011 08:23 AM - edited 03-11-2019 03:04 PM
May be a simple question for someone, but I need to see if anyone can give me the syntax for a port forward.
I need to forward port 55443 to an internal address (let's call it 15.15.15.15) from two outside IPs (5.5.5.5 and 6.6.6.6).
These addresses need to see the server IP address (15.15.15.15) only and nothing else.
Can someone please give me the syntax or an example of the syntax to make the changes in my device? It is an ASA 5510
Thanks for the help
-Jon
12-21-2011 09:31 AM
Hello Jon
What version are you running? Let's say it is 8.2
Static (inside,outside) tcp 5.5.5.5 55443 15.15.15.15 55443
access-list test permit tcp host 15.15.15.15 eq 55443 any
static(inside,outside) tcp 6.6.6.6 55443 access-list test
Remember to create the ACLs on the outside.
Give it a try and let me know if you need more help.
Please rate helpful posts,
Julio
12-21-2011 09:49 AM
Julio,
The ASA version is 8.3(1).
Would this make a difference in the syntax that you listed above?
Thanks for the help.
-Jon
12-21-2011 10:03 AM
Hello Jon,
Yes, the syntax would be completely different:
Object network Primary_Public
host 5.5.5.5
Object network Secondary_Public
host 6.6.6.6
Object network Internal_host
host 15.15.15.15
Object service port_55443
service tcp source eq 55443
nat (inside,outside) source static Internal_host Primary_Public service port_55443 port_55443
nat (inside,outside) source static Internal_host Secondary_Public service port_55443 port_55443
Please rate helpful posts
Kind regards,
Julio
12-28-2011 05:22 AM
Julio
I tried entering the syntax you gave above, but it keeps hitting an error code at the "host" keyword of the line
Object network Primary_Public host 5.5.5.5.
What access level do I need to be in to enter the syntax? I tried it in configuration term, do I need to be higher or in a different config mode?
Are the lines "Object network Primary_Public
host 5.5.5.5"
two separate entry lines, or should they be entered as one line?
thanks
--Jon
12-28-2011 09:27 AM
Hello Jon,
They are two separate entries as I showed you on config terminal mode:
Object network Primary_Public
host 5.5.5.5
Let me know if you are still unable to do it like that.
Regards,
Do rate helpful posts
Julio
12-28-2011 10:29 AM
Thank you Julio
Now the only problem that I have is it is catching on the first port number for the following statement:
nat (inside,outside) source static Internal_host Primary_Public service port_55443 port_55443
Is this supposed to be a 2 line statement as well?
-Jon
12-28-2011 10:47 AM
Hello Jon,
No, the Nat statements on 8.3 and prior versions are made of just one line (Great improvement).
Now that you have created the nat statement you just need the ACL pointing to the real IP address of the server, this because Nat is checked before the ACL on 8.3 and prior versions.
Do please rate helpful posts.
Regards,
Julio
12-29-2011 05:06 AM
Julio
I can't get the nat statement to enter. It errors out at the port number.
If I get the nat statement in, is there another statement for the ACL? What would the syntax for that be?
-Jon
12-29-2011 05:17 AM
Julio,
Here is the error that I get back:
nat(inside,outside) source static Internal_host Primary_Public service port_5544 ^3 port_55443
ERROR: % Invalid input detected at '^' marker.
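Added example, not part of the original thread and not written by either poster: the access list that the 12-28-2011 10:47 AM reply refers to, following the question as asked, with 5.5.5.5 and 6.6.6.6 as the only outside clients allowed to reach 15.15.15.15 on tcp/55443. It assumes ASA 8.3 or later, a working NAT rule for the server, and a hypothetical ACL name OUTSIDE_IN; `<mapped_address>` is a placeholder for the public address the NAT rule presents, and 7.7.7.7 is a constructed test source.

```cisco
! Added example. Assumes ASA 8.3+, the NAT rule for the server already entered,
! and no ACL yet bound inbound on the outside interface.
! OUTSIDE_IN is a hypothetical ACL name.
!
! Permit only the two outside sources from the question to reach the server's
! real address on tcp/55443. Everything else falls to the implicit deny at the
! end of the ACL.
access-list OUTSIDE_IN extended permit tcp host 5.5.5.5 host 15.15.15.15 eq 55443
access-list OUTSIDE_IN extended permit tcp host 6.6.6.6 host 15.15.15.15 eq 55443
!
! Bind the ACL inbound on the outside interface. An interface takes one inbound
! ACL, so if one is already applied, add the two permit lines to that ACL
! instead of binding a new one.
access-group OUTSIDE_IN in interface outside
!
! Checks from exec mode. The first trace should be allowed, the second should be
! dropped by the ACL. <mapped_address> is a placeholder; 7.7.7.7 is constructed.
packet-tracer input outside tcp 5.5.5.5 1025 <mapped_address> 55443
packet-tracer input outside tcp 7.7.7.7 1025 <mapped_address> 55443
!
! Hit counters per entry confirm which sources are actually matching.
show access-list OUTSIDE_IN
```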