cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
575
Views
5
Helpful
4
Replies

Port Forwarding Question on ASA 5506 (9.8)

F3nrir
Level 1
Level 1

I need to setup port forwarding on my ASA from external ports 5060-5061 and 10000-65000 to an internal host on port 5060 and 10000. Is this the correct configuration? Thanks in advance.

 

object service Obj-SIP
 service udp destination 5060
Object service Obj-RTP
 service udp destination 10000
 
object service Obj-UDP-Range
 service udp destination range 10000 65000
object service Obj-SIP-Range
 service udp destination range 5060 5061
 
access-list inbound extended permit udp any host X.X.X.X range 10000 65000
access-list inbound extended permit udp any host X.X.X.X range 5060 5061
access-group inbound in interface outside
 
nat (outside,inside_1) source static any any destination static interface obj_X.X.X.X service Obj-RTP Obj-UDP-Range
nat (outside,inside_1) source static any any destination static interface obj_X.X.X.X service Obj-SIP Obj-SIP-Range
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

On high level looks good.

 

make sure you have inside_1  <-- you have this interface

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for providing your thoughts. I just thought of this afterwards but will currently a connection only be able to be made coming from the public interface because it is nat (outside,inside) ? Say the internal host needs to initiate the connection do I need to add a nat (inside,outside) rule?

Do you have SIP inspect configured?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes I do have SIP inspection configured.

regards,
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: