port forwarding on mpls link

zeuscyril · ‎05-27-2012

hi all,

i am having cisco asa 5520 with internet having public ip and cisco 2911 with mpls link in my office .. the mpls link is between my HO and my branch

i am putting my webserver in the branch side i want to port forward one of my publicip in my office to be forwarded to branch web server.

is it poosible on the firewall ouside the local network.

thanks

cyril

Jennifer Halim · ‎05-27-2012

Yes, it is possible to configure port forwarding on the firewall with ip address not local to the network, as long as the web server default gateway at the branch is pointing towards the ASA at the HQ.

I assume that the branch office internet gateway is via the HQ through MPLS?

zeuscyril · ‎05-27-2012

hi jenni,

i am having seperate internet on my branch side but there is DSL 100mps with dynamic ip.

so i want to use my mpls link to forward the ports in my firewall.

is there any possiblity to confgiure without changing gateway because we are having some vlans on my branch side.

thanks

cyril

Jennifer Halim · ‎05-27-2012

No, if you are port forwarding on your HQ firewall, that means traffic is coming in via HQ, and since branch office has its own internet connection, that means the return traffic will be routed via the branch office internet, and this is asymetric routing, and packet will be dropped on the ASA firewall.

To port forward on HQ firewall, the traffic needs to come in and out the same firewall.