Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
5
Helpful
2
Replies

Port Fowarding on the ASA 5525

Go to solution
tumais
Level 1
Level 1

‎03-22-2018 12:57 AM - edited ‎02-21-2020 07:32 AM

Hi,

I'm currently migrating from a simple iptables Firewall to the Cisco ASA. I'm pretty much done, there's just one issue I'm having here. How do I setup port forwarding? I'm using ASDM but am also willing to use CLI if it helps the cause.

ASA v9.2, ASDM v7.2 Upgrades are not an option currently.

I only have one public IP address, which seems to be the issue here. I spent the whole day reading, testing and what not but I can't get it to work.

Example:
interface outside has IP address 10.1.1.100

internal server has IP address 192.168.1.1

Users now connect to 10.1.1.100:8080 and shall be forwarded to 192.168.1.1:80

 

I tried creating a NAT rule with IP address 10.1.1.100 as original destination but it says

"Original Destination Address overlaps with the IP address for the interface outside"

Well, yes, that's what I want to do. I read up on a few threads around here but none of those seemed to work. I tested with the ASDM Packet Tracer mainly.

 

It seems to be overly complicated to do this if you don't have multiple public IP addresses. Even the documentation only serves examples with different public IP addresses. This is just not the case here.

It seems, people got it to work but I just don't see how. I'm not a friend of asking for step-by-step instructions but I'm really stuck here.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Bogdan Nita
VIP Alumni
VIP Alumni

‎03-22-2018 02:49 AM

Should be something like this:

object network OBJ-192.168.1.1-STATIC-PAT
 host 192.168.1.1
 nat (INSIDE,OUTSIDE) static interface service tcp 80 8080

 

HTH

Bogdan

View solution in original post

2 Replies 2

Go to solution
Bogdan Nita
VIP Alumni
VIP Alumni

‎03-22-2018 02:49 AM

Should be something like this:

object network OBJ-192.168.1.1-STATIC-PAT
 host 192.168.1.1
 nat (INSIDE,OUTSIDE) static interface service tcp 80 8080

 

HTH

Bogdan

Go to solution
tumais
Level 1
Level 1
In response to Bogdan Nita

‎04-03-2018 01:50 AM

Fresh week, fresh start.

Everything works as designed. I'm honestly not sure what the issue was. I looked at your answer, thought this is exactly what I did in ASDM and re-did it (in ASDM). Works.

Thanks for assuring me that I was on the right track here!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card