Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9014
Views
0
Helpful
19
Replies

Setting up port forwarding ASA 5505

Go to solution
joelpc1976
Level 1
Level 1

‎03-15-2012 08:14 AM - edited ‎03-11-2019 03:42 PM

Hello,

     We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.

     We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?

     The equipment is:

  • ASA 5505
  • ASA Version 7.2(4)
  • ASDM Version 5.2(4)

     I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general. Thank you in advance for the replies.

Labels:
0 Helpful
19 Replies 19

Go to solution
joelpc1976
Level 1
Level 1
In response to joelpc1976

‎03-15-2012 04:51 PM

Alex,

I did find this listed under another topic:

static (inside,outside)

https://supportforums.cisco.com/thread/2110044

That is the thread I pulled it from. Could really work like that?

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to joelpc1976

‎03-15-2012 04:53 PM

Joel,

That's correct - a static NAT plus the access-list entry allowing the traffic from outside to inside on the IP address plus tcp ports your server requires. No subinterface or second interface is required (assuming your additional IP is in the same network as the original one or that your ISP is routing it as in the example cited in the link you found). When you add the static NAT it will allow the ASA to respond to arps received on the outside interface, populate the xlate table and respond accord to the access-list and nat rules you have configured.

0 Helpful

Go to solution
joelpc1976
Level 1
Level 1
In response to Marvin Rhoads

‎03-15-2012 05:00 PM

Marvin,

Thanks. I'll be trying this tomorrow. All the help is really appreciated.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
joelpc1976
Level 1
Level 1
In response to Marvin Rhoads

‎03-16-2012 12:55 PM

Marvin,

This got us up and running. Thank you so much for your help.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to joelpc1976

‎03-16-2012 01:13 PM

Great - you're welcome. Thanks for confirming the solution and letting us know.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card