Port Forwarding on Cisco ASA 5500

tonyk0001
Level 1

Hi team,

I am using CISCO ASA5555 as my Internet Gateway with only one ISP (One Public IP).

Everything is working OK, but I want to access my camera system on the internet using ports HTTP:80, RTSP:554, Server port:8000, HTTPS:443.

I have tried some commands but none seems to work.

Kindly advise on how to proceed.

Regards

4 Replies 4

Rahul Govindan
VIP Alumni

You would have to create port forwarding rules for each of the services as given in this doc:

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/118996-config-asa-00.html#anc10

Instead of a separate public ip address used in this doc, use the "interface" keyword to forward traffic that comes in to your public ip address. Another doc that uses the ASA public interface is here:

http://www.petenetlive.com/KB/Article/0000077

Hi Rahul,

That is understandable and I already configured the natting for the LAN network to access the internet on the interface (outside to be specific).

My concern is, if I do the same for the forwarding, won't the access-list and the natting for the port forwarding interfere with the ones I created prior (for the LAN internet access)?

That would not be affected. What happens is that the ASA reserves only the ports (not the entire public IP address) that are used for port forwarding and does not re-use them for your dynamic NAT.

For example, internet traffic initiated from your LAN to the internet will have source port as 50000 and destination port as 443. The ASA uses the dynamic translation to change source port to 60000 for example. Return traffic matches the built connection and comes back to the user.

Port forwarding traffic is initiated from an internet client on, say, port 55000 to the public IP address on port 443. The ASA changes the destination IP address to your camera server and sends it in. There should not be any conflict between the dynamic PAT and the port forwarding NAT rule.
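
The setup discussed in the replies above, written out as an added example (not part of any poster's reply and not taken from the linked documents): static PAT on the outside interface for the four camera ports alongside the existing dynamic PAT. The ASA 8.3+ object NAT syntax, the interface names, all object names and every address are assumptions.

```cisco
! Assumptions (not from the thread): ASA 8.3+ object NAT, interfaces named
! "inside" and "outside", LAN 192.168.1.0/24, camera server at 192.168.1.50,
! remote viewers in 203.0.113.0/24 (documentation range). All names are made up.

! Existing outbound access: dynamic PAT of the LAN behind the outside address.
object network LAN-NET
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface

! Port forwarding: one object per port, because object NAT accepts a single
! nat line per object. "interface" stands for the one public IP address.
object network CAM-HTTP
 host 192.168.1.50
 nat (inside,outside) static interface service tcp 80 80
object network CAM-HTTPS
 host 192.168.1.50
 nat (inside,outside) static interface service tcp 443 443
object network CAM-RTSP
 host 192.168.1.50
 nat (inside,outside) static interface service tcp 554 554
object network CAM-SERVER
 host 192.168.1.50
 nat (inside,outside) static interface service tcp 8000 8000
! Object NAT sorts static rules ahead of dynamic ones, so these four ports
! are matched first and are not handed out by the dynamic PAT rule above.

! Inbound ACL: on 8.3+ it matches the real (inside) address of the camera.
! Limiting the source to known viewer networks keeps the camera off the
! open internet; "any" here would expose it to every scanner.
object-group service CAM-PORTS tcp
 port-object eq 80
 port-object eq 443
 port-object eq 554
 port-object eq 8000
object network REMOTE-VIEWERS
 subnet 203.0.113.0 255.255.255.0
access-list OUTSIDE-IN extended permit tcp object REMOTE-VIEWERS host 192.168.1.50 object-group CAM-PORTS
access-group OUTSIDE-IN in interface outside
```

`show nat detail` lists the static rules and their hit counts, and `packet-tracer input outside tcp 203.0.113.10 55000 <outside-ip> 443` shows whether a test connection is un-NATed to the camera and permitted by the ACL. If ASDM or WebVPN already listens on tcp/443 of the outside interface, move that service to another port first, since the ASA cannot reserve a port it is using itself.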

Hi Rahul, thanks a lot. So in this case I guess I should use port forwarding with NAT.
