06-16-2008 12:03 PM - edited 03-11-2019 06:00 AM
Hi all, is there any way to make a NAT with ASA that... catch the port 80 and redirect to a port 8080 in a internal server?
I know that with iptables i can do it.. but... with ASA i dont know if its possible... could anyone help me?
I have read some post in this forum about it.. but.. im trying to find a solution for this issue.
Regards,
Fabio
06-16-2008 04:24 PM
Hi,
Yes you can use static translation for that. For example if you need to translate an incoming connection on port 80 to a server listening on port 8080 what you need to do is define the respective interfaces where the packet is coming from and where the server sits. i.e
static (inside,outside) tcp 203.203.203.203 80 10.10.10.10 8080
The above command allows any tcp/80 to 203.203.203.203 connection initiated from the OUTSIDE side of the firewall to be translated to TCP/8080 on server 10.10.10.10 which is located behind the INSIDE interface.
You will also need to modify any access list applied to the outside interface - in the example above - to allow that connection .i.e
access-list Outside-IN permit tcp any host 203.203.203.203 eq 80
access-group Outside-IN in interface outside.
I hope it helps ... please rate it if it does !!!
06-17-2008 03:10 AM
Hi fernando, thanks... but... i need to do it from a inside host... to a inside host... not from outside to inside...
Is it possible?
Regards,
Fabio
06-17-2008 03:26 AM
I think u can..
just type static( inside,inside) tcp inside ip 80 webserver ip 8080.
This is a wild guess:) I never try this before
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide