12-30-2016 08:20 AM - edited 03-12-2019 01:43 AM
Wanted to make sure I had my syntax right for this. I'm trying to forward a port say 8030 from my outside interface to a host on the inside on 3389.
Here's what I have so far
object network 1.1.1.1
host 1.1.1.1
nat (inside,outside) static interface service tcp 3389 8030
access-list outside_in extended permit tcp any host 1.1.1.1 eq 8030
Trying to get this to work and I'm not seeing any hits on my outside ACL.
Solved! Go to Solution.
12-30-2016 09:17 AM
access-list outside_in extended permit tcp any host 1.1.1.1 eq 3389
12-30-2016 09:17 AM
access-list outside_in extended permit tcp any host 1.1.1.1 eq 3389
01-10-2017 05:16 PM
Worked like a charm once I put the real port in the outside ACL. Thanks Karsten.
12-30-2016 09:33 AM
NAT Syntax looks ok to me, just need to check the ACL port to . You can use this guide as reference:
https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli#NETWORK-OBJECT-NAT
Can you run a packet-tracer from outside to inside to see what happens to the packet?
packet-tracer input outside tcp 4.2.2.2 12345 <public interface ip> 8030 detailed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide