03-08-2021 09:13 AM
I have an ASA 5505 and I need to port forward multiple outside ports to an inside host. I usually do a port forward to a single port with the following, as an example for external access to cameras via CLI:
object network CAM_8000
 ! x.x.x.200 is the IP of the NVR
 host x.x.x.200
 nat (inside,outside) static interface service tcp 8000 8000
access-list outside-in extended permit tcp any host x.x.x.200 eq 8000
So is there a way to port forward multiple ports to one single host? I have about 500 ports I need to port-forward to an internal device, whether it be via ASDM or CLI. Thank you in advance.
03-08-2021 09:28 AM - edited 03-08-2021 09:29 AM
Here is an example: I did it for 8000 and 8001; you change the port as per requirement.
! x.x.x.x below is the external IP, or use the keyword "interface"
object network in-8000
 host x.x.x.200
 nat (inside,outside) static x.x.x.x service tcp 8000 8000
!
object network in-8001
 host x.x.x.200
 nat (inside,outside) static x.x.x.x service tcp 8001 8001
access-list outside-in permit tcp any host x.x.x.200 eq 8000
access-list outside-in permit tcp any host x.x.x.200 eq 8001
03-08-2021 10:05 AM
What I am asking is if there is a more efficient way to do this? I have to port forward about 500 ports so this would take a very long time.
03-08-2021 10:35 AM
There is no other way; you need to add those rules manually (by grouping them).
Not sure if we understand the requirement. Does the PBX need to register? You need only 1 port for an external device to register?
It is for our PBX. We need to send out some phones to register to a PBX at a remote location, so we want them to go to our public IP and have those ports forwarded to the PBX for registration and call connection.
Explain more so we can understand better.
As per my knowledge, you need 5060/5061 for registration and media ports? Is the PBX inside, or the devices?
03-08-2021 10:41 AM
Thanks for the reply. From what I understand, the phones need to register to the PBX and use a range of RTP ports in order to connect calls and such and those ports are selected randomly from that port range. Am I mistaken?
03-08-2021 05:07 PM
Those are high-range ports; you can allow the high-range ports using a port range.
03-08-2021 09:53 AM
Hello
What single host on your network can be open for 500 ports? Apart from being quite unusual, it is quite dangerous from a security perspective.
03-08-2021 10:06 AM
You'll have to excuse me as I'm pretty new to this whole thing. It is for our PBX. We need to send out some phones to register to a PBX at a remote location, so we want them to go to our public IP and have those ports forwarded to the PBX for registration and call connection.
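The port-range approach mentioned in the thread, written out as an added example that is not from any of the posters: a service object with a range lets one manual (twice) NAT rule forward the whole block, and the ACL is scoped to known phone sites rather than "any". The RTP range 10000-10499/udp, SIP on 5060/udp, the object names and the phone-site addresses are constructed placeholders; the ACL name outside-in and the host x.x.x.200 follow the posts above.

```text
! Added example with constructed values (not from the thread).
! Assumed: RTP 10000-10499/udp, SIP 5060/udp, phone sites listed below.
object network PBX
 host x.x.x.200
!
object service PBX_RTP
 service udp source range 10000 10499
object service PBX_SIP
 service udp source eq 5060
!
! Manual NAT: the "source" port in the service object is the PBX-side port,
! because the PBX is the source in the (inside,outside) direction.
nat (inside,outside) source static PBX interface service PBX_RTP PBX_RTP
nat (inside,outside) source static PBX interface service PBX_SIP PBX_SIP
!
! Restrict who may reach the forwarded ports instead of permitting "any".
object-group network PHONE_SITES
 network-object host 198.51.100.10
 network-object 203.0.113.0 255.255.255.0
!
access-list outside-in extended permit udp object-group PHONE_SITES object PBX range 10000 10499
access-list outside-in extended permit udp object-group PHONE_SITES object PBX eq 5060
```

The ACL references the real (inside) address, as in the posts above. Scoping it to PHONE_SITES only works if the remote phones sit behind stable public addresses.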