12-21-2015 04:47 AM - edited 03-12-2019 12:03 AM
Hi All,
I want to set up port forwarding on a Cisco ASA (5512-X/ASDM 7.4).
The scenario: the outside interface is directly connected to the Internet, and the inside interface is directly connected to the web server. NAT and ACL are already set up, but when I try to telnet to the web server using port 80, the web server can't be accessed.
12-21-2015 01:06 PM
Hi khoirul.iman,
Port-forwarding in your ASA depends on the version that you are currently running.
Here's a link to configure port-forwarding in version 8.2:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113024-asa-82-port-forward-00.html
Here's a link to configure port-forwarding in version 8.4 and later:
https://supportforums.cisco.com/discussion/11596996/simple-port-forwarding-asa-84
Example:
object network PORT-FORWARD
 host 192.168.1.100
 nat (inside,outside) static interface service tcp <real-port> <mapped-port>
12-21-2015 08:58 PM
Hi carlguer,
The version of my device is 9.4. Do you have a reference?
12-22-2015 07:52 AM
Hi khoirul.iman,
The configuration for the nat should be the same in 8.4 and in 9.4.
This is how it should look:
object network PORT-FORWARD
 host 192.168.1.100
 nat (inside,outside) static interface service tcp <real-port> <mapped-port>
You can take a look at this link if you need additional information:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_objects.html
12-23-2015 12:13 AM
Hi carlguer,
My problem has been solved.
Thank you for your help.
Khoirul
12-21-2015 06:56 PM
Hi,
Can you share the NAT and ACL configuration (show run nat, show run access-list)?
Can you run packet tracer on the ASA and check whether the firewall is dropping the traffic due to a configuration error?
packet-tracer in outside tcp <source IP, any internet IP> 12345 <server public IP> 80 detail
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
12-21-2015 08:56 PM
12-21-2015 10:04 PM
Hi,
The NAT configuration has not changed in versions above 8.4, and it looks like the configuration is correct.
I can see you are doing a PAT of 80 to 8080.
The first thing I can see in your configuration is the IP address 10.0.3.0, which looks like a broadcast IP address. Is it possible to change the IP address?
The second thing is:
As per your configuration, if the firewall gets a TCP packet with the destination IP 10.0.3.0 and destination port 8080, then it will translate it to port 80. If you are accessing the server from outside using destination port 80, then it will not work. You need to access it on destination port 8080.
Thanks,
Shivapramod M
Please remember to select a correct answer and rate helpful posts
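The port translation discussed in the reply above, written out as an added example (not configuration from this thread or from Cisco): a web server listening on TCP 80 published on the outside interface address on TCP 8080. The object name, ACL name and the 192.168.1.100 address (reused from the earlier replies) are assumptions, and it assumes no other ACL is already applied inbound on the outside interface.

```cisco
! Added example for ASA 8.3+ object NAT. Names and addresses are assumptions.
!
! Syntax: service tcp <real-port> <mapped-port>
! The server listens on 80 (real port); outside clients connect to the
! outside interface address on 8080 (mapped port).
object network WEB-SERVER
 host 192.168.1.100
 nat (inside,outside) static interface service tcp 80 8080
!
! From 8.3 onward the interface ACL matches the real (untranslated)
! address and port, so the permit is for 192.168.1.100 port 80,
! not for the outside address on port 8080.
access-list OUTSIDE-IN extended permit tcp any object WEB-SERVER eq 80
access-group OUTSIDE-IN in interface outside
!
! Verification: the simulated packet must target the mapped port (8080).
! A test aimed at port 80 on the outside address does not match this rule.
! packet-tracer input outside tcp <internet IP> 12345 <outside interface IP> 8080 detailed
!
! Show the resulting rule and its translate_hits / untranslate_hits counters:
! show nat detail
```

Keeping the permit scoped to the single object and port, rather than `any any`, limits what the published service exposes to exactly the forwarded port.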
12-22-2015 07:33 AM
Hi Shivapramod,
My problem is already solved. I deleted all of the NAT configuration and reconfigured the NAT. I think there was something that had been forgotten.
Thanks
Khoirul