Port redirect with ASA - From inside to inside host

fabiossilva · ‎06-16-2008

Hi all, is there any way to make a NAT with ASA that... catch the port 80 and redirect to a port 8080 in a internal server?

I know that with iptables i can do it.. but... with ASA i dont know if its possible... could anyone help me?

I have read some post in this forum about it.. but.. im trying to find a solution for this issue.

Regards,

Fabio

Fernando_Meza · ‎06-16-2008

Hi,

Yes you can use static translation for that. For example if you need to translate an incoming connection on port 80 to a server listening on port 8080 what you need to do is define the respective interfaces where the packet is coming from and where the server sits. i.e

static (inside,outside) tcp 203.203.203.203 80 10.10.10.10 8080

The above command allows any tcp/80 to 203.203.203.203 connection initiated from the OUTSIDE side of the firewall to be translated to TCP/8080 on server 10.10.10.10 which is located behind the INSIDE interface.

You will also need to modify any access list applied to the outside interface - in the example above - to allow that connection .i.e

access-list Outside-IN permit tcp any host 203.203.203.203 eq 80

access-group Outside-IN in interface outside.

I hope it helps ... please rate it if it does !!!

fabiossilva · ‎06-17-2008

Hi fernando, thanks... but... i need to do it from a inside host... to a inside host... not from outside to inside...

Is it possible?

Regards,

Fabio

nomair_83 · ‎06-17-2008

I think u can..

just type static( inside,inside) tcp inside ip 80 webserver ip 8080.

This is a wild guess:) I never try this before

Regards,