cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

272
Views
5
Helpful
4
Replies
Highlighted
Beginner

Port Forwarding Question on ASA 5506 (9.8)

I need to setup port forwarding on my ASA from external ports 5060-5061 and 10000-65000 to an internal host on port 5060 and 10000. Is this the correct configuration? Thanks in advance.

 

object service Obj-SIP
 service udp destination 5060
Object service Obj-RTP
 service udp destination 10000
 
object service Obj-UDP-Range
 service udp destination range 10000 65000
object service Obj-SIP-Range
 service udp destination range 5060 5061
 
access-list inbound extended permit udp any host X.X.X.X range 10000 65000
access-list inbound extended permit udp any host X.X.X.X range 5060 5061
access-group inbound in interface outside
 
nat (outside,inside_1) source static any any destination static interface obj_X.X.X.X service Obj-RTP Obj-UDP-Range
nat (outside,inside_1) source static any any destination static interface obj_X.X.X.X service Obj-SIP Obj-SIP-Range
Everyone's tags (2)
4 REPLIES 4
VIP Advisor

Re: Port Forwarding Question on ASA 5506 (9.8)

On high level looks good.

 

make sure you have inside_1  <-- you have this interface

BB
*** Rate All Helpful Responses ***
Beginner

Re: Port Forwarding Question on ASA 5506 (9.8)

Thanks for providing your thoughts. I just thought of this afterwards but will currently a connection only be able to be made coming from the public interface because it is nat (outside,inside) ? Say the internal host needs to initiate the connection do I need to add a nat (inside,outside) rule?
VIP Advisor

Re: Port Forwarding Question on ASA 5506 (9.8)

Do you have SIP inspect configured?

BB
*** Rate All Helpful Responses ***
Beginner

Re: Port Forwarding Question on ASA 5506 (9.8)

Yes I do have SIP inspection configured.

regards,
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here