04-28-2024 07:57 AM
Hi,
I have a Cisco ASA 5505, software 9.1(2).
I need to forward port 443 from a specific host, let's say IP 1.2.3.4, to my internal host 192.168.50.50.
My outside interface has an IP, let's say 5.5.5.5. But my outside interface also listens for AnyConnect, which I suspect is running on port 443 already. I do have more IPs available, i.e. 5.5.5.6 and 5.5.5.7.
I've been trying to figure this out and watching some videos, but I can't sort it out. Does anyone have suggestions on how to configure this using the CLI?
- Allow traffic from IP 1.2.3.4 to internal host 192.168.50.50 on port 443.
04-28-2024 08:45 AM
Depends on the config.
"I do have more IP available, i.e 5.5.5.6 and 5.5.5.7"
If you have a spare IP address, then do the following to map static NAT.
Example:
object network webserver
 host 192.168.50.50
 nat (inside,outside) static 5.5.5.6
Add an ACL to allow the ports.
04-28-2024 08:06 AM - edited 04-28-2024 08:51 AM
Do you have more public IPs you can use other than the IP of the outside interface?
MHM
04-28-2024 09:01 AM
Commands needed:
! public (mapped) and private (real) addresses of the server
object network serverPublic
 host <public IP>
object network serverPriv
 host <priv IP>
! the ACL matches the real (private) address, applied inbound on OUT
access-list server extended permit tcp any object serverPriv eq 443
access-group server in interface OUT
nat (IN,OUT) source static serverPriv serverPublic
That's all you need if you have more public IPs.
MHM
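Added example, not part of either reply above: the static-NAT approach from the answers, narrowed to what the question asks for, so that only TCP 443 on the spare address 5.5.5.6 is translated and only source 1.2.3.4 is permitted. The interface names inside/outside and the ACL name outside_in are assumptions; substitute the names from your own configuration.

```cisco
! Static PAT on the spare public IP: only TCP 443 is translated, so no other
! port of 192.168.50.50 is reachable through 5.5.5.6. AnyConnect on the
! outside interface address (5.5.5.5:443) is not affected.
object network webserver
 host 192.168.50.50
 nat (inside,outside) static 5.5.5.6 service tcp 443 443
!
! On 8.3 and later the ACL matches the real (post-NAT) address, so the
! destination is 192.168.50.50, not 5.5.5.6. The source is pinned to the
! single allowed host instead of "any".
access-list outside_in extended permit tcp host 1.2.3.4 host 192.168.50.50 eq 443
!
! Only one ACL can be bound per interface and direction. If "show run
! access-group" already lists an inbound ACL on outside, add the line above
! to that ACL instead of binding a new one, or the existing rules are replaced.
access-group outside_in in interface outside
!
! Verification: the allowed source should end in "Action: allow",
! any other source (8.8.8.8 here is a constructed test value) in "Action: drop".
packet-tracer input outside tcp 1.2.3.4 12345 5.5.5.6 443
packet-tracer input outside tcp 8.8.8.8 12345 5.5.5.6 443
show nat detail
show access-list outside_in
```

The hit counters in `show access-list outside_in` confirm whether real traffic from 1.2.3.4 is matching the permit line.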