07-04-2012 03:07 AM - edited 03-11-2019 04:26 PM
Hi all,
I am practicing some stuff on the ASA. I have a host on the outside network (a router) whose IP is 172.16.1.2. My inside host is 10.1.10.2. Now I just want to achieve this:
1) From the inside host, when I telnet to 200.2.2.2 on port 2200, it should be redirected to 172.16.1.2 on port 23.
Kindly tell me if this is possible using an ASA static statement?
07-04-2012 03:23 AM
For version 8.3 and higher:
object network obj-10.1.10.2
 host 10.1.10.2
object network obj-200.2.2.2
 host 200.2.2.2
object network obj-172.16.1.2
 host 172.16.1.2
object service obj-tcp-eq-23
 service tcp destination eq 23
object service obj-tcp-eq-2200
 service tcp destination eq 2200
nat (inside,outside) source static obj-10.1.10.2 obj-10.1.10.2 destination static obj-200.2.2.2 obj-172.16.1.2 service obj-tcp-eq-2200 obj-tcp-eq-23
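One way to check that the 8.3+ rule in the reply above is matched and rewrites both the destination address and the port. This is an added example, not part of the original reply; the source port 1025 is a constructed sample value.

```cisco
! Added verification example (not from the original thread).
! Simulate the inside host opening TCP to the mapped address and port.
! 1025 is an arbitrary, constructed source port.
packet-tracer input inside tcp 10.1.10.2 1025 200.2.2.2 2200 detailed
! In the result, the UN-NAT phase should show the destination
! 200.2.2.2/2200 being untranslated to 172.16.1.2/23, and the final
! action should be "allow". A drop in an ACCESS-LIST phase points at
! an interface ACL rather than at the NAT rule.

! Confirm the manual NAT rule is installed and watch its hit counters
! increase while the inside host runs: telnet 200.2.2.2 2200
show running-config nat
show nat detail

! Inspect the live translation and the resulting connection entry.
show xlate
show conn address 10.1.10.2
```

Because the source object restricts the rule to 10.1.10.2, a connection from any other inside host to 200.2.2.2:2200 does not match it, which keeps the redirect scoped to the one test host.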
07-04-2012 10:36 PM
Dear Ma'am,
I'm really sorry I didn't mention the version number. It's 8.2. Can you please also tell me the config for 8.2 using the "static" syntax?
Please don't mind and kindly tell.
07-05-2012 06:22 AM
Unfortunately that is not supported on ASA version 8.2 and lower.
07-11-2012 06:29 PM
Does this mean there is another method besides WCCP to redirect some traffic?
07-11-2012 11:13 PM
In 8.2 it is possible if your 172.16.1.2 is in your inside network and you are hitting it from outside.
Then the commands will be:
The NAT statement for this is
static (inside,outside) tcp 200.2.2.2 2200 172.16.1.2 telnet netmask 255.255.255.255
The access-list configured for permission
! On 8.2 and earlier, an interface ACL matches the mapped (translated) address and port
access-list outside extended permit tcp any host 200.2.2.2 eq 2200
The access-list is applied on the outside interface
access-group outside in interface outside
07-11-2012 11:52 PM
My view:
Inside (10.1.10.2) ----> ASA <--Outside--> Rtr ----> 172.16.1.2. Here you need to do NAT on both ends.
Because both the ASA outside interface and the router's outside interface should be in a public IP range as per your scenario, you need to do NAT on your ASA to get 10.1.10.2 PATed to a public IP, and then that public IP will reach the router's public IP, and on that router you need to do PAT/NAT to get that translated to the private IP (172.16.1.2).
Please let me know if my understanding is wrong.