cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9014
Views
0
Helpful
19
Replies

Setting up port forwarding ASA 5505

joelpc1976
Level 1
Level 1

Hello,

     We are trying to setup our ASA 5505 to do port forwarding to multiple internal servers and have run into some issues. A little background on what we are trying to do.

     We have 1 static external IP. Internally we have one exsisting server (10.1.1.184) that has port 80 forwarded to it and another exsisting server (10.1.1.185) that has port 443 forwarded to it. Both of these servers are serving seperate web apps to our employees who of course use them offsite. We have now added an additional server (10.1.1.186) that needs to use both ports 80 and 443. Is there any way to set it up so that these ports can be forwarded to all the servers that need them? Also, how would this work as far knowing what traffic will need to go to which server even though it is using the same port?

     The equipment is:

  • ASA 5505
  • ASA Version 7.2(4)
  • ASDM Version 5.2(4)

     I appologize in advance if what I'm trying to do is difficult/impossible. I inherted the ASA 5505 at this location and I was not here when it was initially installed. In fact no one on staff was here when it was initially installed. I did manage to find the passwords to it though. I'm not at all familiar with the ASA 5505 or Cisco secuirty appliances in general. Thank you in advance for the replies.

19 Replies 19

Alex,

I did find this listed under another topic:

static (inside,outside)

https://supportforums.cisco.com/thread/2110044

That is the thread I pulled it from. Could really work like that?

Sent from Cisco Technical Support iPad App

Joel,

That's correct - a static NAT plus the access-list entry allowing the traffic from outside to inside on the IP address plus tcp ports your server requires. No subinterface or second interface is required (assuming your additional IP is in the same network as the original one or that your ISP is routing it as in the example cited in the link you found). When you add the static NAT it will allow the ASA to respond to arps received on the outside interface, populate the xlate table and respond accord to the access-list and nat rules you have configured.

Marvin,

Thanks. I'll be trying this tomorrow. All the help is really appreciated.

Sent from Cisco Technical Support iPad App

Marvin,

This got us up and running. Thank you so much for your help.

Sent from Cisco Technical Support iPad App

Great - you're welcome. Thanks for confirming the solution and letting us know.

Review Cisco Networking for a $25 gift card