cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

9424
Views
5
Helpful
3
Replies
chevymannie
Beginner

Port Forwarding Outside Interface

Wanted to make sure I had my syntax right for this.  I'm trying to forward a port say 8030 from my outside interface to a host on the inside on 3389.

Here's what I have so far

object network 1.1.1.1

 host 1.1.1.1

 nat (inside,outside) static interface service tcp 3389 8030

access-list outside_in extended permit tcp any host 1.1.1.1 eq 8030

Trying to get this to work and I'm not seeing any hits on my outside ACL.

1 ACCEPTED SOLUTION

Accepted Solutions
Karsten Iwen
VIP Mentor

  • 1.1.1.1 is your internal IP in this scenario?
  • In the ACL you have to use the real port, same as you use the real IP (1.1.1.1):
access-list outside_in extended permit tcp any host 1.1.1.1 eq 3389

View solution in original post

3 REPLIES 3
Karsten Iwen
VIP Mentor

  • 1.1.1.1 is your internal IP in this scenario?
  • In the ACL you have to use the real port, same as you use the real IP (1.1.1.1):
access-list outside_in extended permit tcp any host 1.1.1.1 eq 3389

Worked like a charm once I put the real port in the outside ACL.  Thanks Karsten.

Rahul Govindan
Advocate

NAT Syntax looks ok to me, just need to check the ACL port to . You can use this guide as reference:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli#NETWORK-OBJECT-NAT

Can you run a packet-tracer from outside to inside to see what happens to the packet?

packet-tracer input outside tcp 4.2.2.2 12345 <public interface ip> 8030 detailed

Create
Recognize Your Peers
Content for Community-Ad