Solved: Syntax looks ok to me. You

chevymannie · ‎12-30-2016

Wanted to make sure I had my syntax right for this. I'm trying to forward a port say 8030 from my outside interface to a host on the inside on 3389.

Here's what I have so far

object network 1.1.1.1

host 1.1.1.1

nat (inside,outside) static interface service tcp 3389 8030

access-list outside_in extended permit tcp any host 1.1.1.1 eq 8030

Trying to get this to work and I'm not seeing any hits on my outside ACL.

Karsten Iwen · ‎12-30-2016

1.1.1.1 is your internal IP in this scenario?
In the ACL you have to use the real port, same as you use the real IP (1.1.1.1):

access-list outside_in extended permit tcp any host 1.1.1.1 eq 3389

Karsten Iwen · ‎12-30-2016

1.1.1.1 is your internal IP in this scenario?
In the ACL you have to use the real port, same as you use the real IP (1.1.1.1):

access-list outside_in extended permit tcp any host 1.1.1.1 eq 3389

chevymannie · ‎01-10-2017

Worked like a charm once I put the real port in the outside ACL. Thanks Karsten.

Rahul Govindan · ‎12-30-2016

NAT Syntax looks ok to me, just need to check the ACL port to . You can use this guide as reference:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli#NETWORK-OBJECT-NAT

Can you run a packet-tracer from outside to inside to see what happens to the packet?

packet-tracer input outside tcp 4.2.2.2 12345 <public interface ip> 8030 detailed

Port Forwarding Outside Interface