
Outside to inside translate question. ASA5505

Monocerebric
Level 1

Hi all!

I have an ASA5505 at a customer's environment and they want to have another location connect to an internal server for a certain type of communication. I want to use ASDM (6.2) to make the proper arrangement.

Situation:

Static IP X is the external facing IP of Location A (my customer's environment)

Static IP Y is the External facing IP of Location B (the second office)

Port 12345 is the port used internally at Location A

The internal IP is Z at Location A

How can I allow Location B on IP Y to connect to Location A on IP X to forward to Internal IP Z with Port 12345?

Location B should be using port 12345 to connect to 12345 internally at Location A

Many thanks!

Accepted Solution

mkazam001
Level 3
Hi, this is called port-forwarding and can be done via the CLI. I don't use the ASDM so I can't advise about that.

It's not too difficult, as you can see below: just create 2 objects (1 with the internal IP and 1 with the external IP), a static NAT statement, and you need the ACL to allow your source IP through.

You may have to change the interface names below, and instead of 'any' as the source use the external-facing IP of Location B, e.g. 200.2.2.2 255.255.255.255 or host 200.2.2.2

object network websvr-ext
host 100.1.1.10
object network websvr-int2
host 172.16.0.10
nat (dmz,outside) static websvr-ext service tcp 12345 12345
access-list outside-in ext permit tcp any object websvr-int2 eq 80

You can access the CLI via ASDM - under Tools perhaps?

regards, mk

Please rate as solved if it is so :)

Thanks. Is the eq 80 on the ACL necessary if my example port is 12345, not using HTTP?

Sorry, that was a typo - should be eq 12345

Please rate as solved if the case was so :)

regards, mk
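
The configuration from the answer above with the thread's corrections applied (ACL port 12345, source limited to Location B instead of 'any'), as an added example that is not part of the original posts. It assumes ASA software 8.3 or later, where this object NAT syntax is available, reuses the answer's sample addresses and interface names as stand-ins for X, Y and Z, and adds an access-group line that the thread does not show.

```cisco
! Added example. Sample addresses taken from the answer:
!   100.1.1.10  = external IP X at Location A
!   172.16.0.10 = internal IP Z at Location A
!   200.2.2.2   = external IP Y at Location B
! Interface names dmz/outside are the answer's; change them to match the device.
object network websvr-ext
 host 100.1.1.10
object network websvr-int2
 host 172.16.0.10
 nat (dmz,outside) static websvr-ext service tcp 12345 12345
!
! Permit only Location B to the forwarded port. With object NAT the ACL
! matches the real (internal) address, as the answer's ACL does.
access-list outside-in extended permit tcp host 200.2.2.2 object websvr-int2 eq 12345
!
! Assumption: the ACL is not yet bound to an interface. Without this line
! the permit entry has no effect on inbound traffic.
access-group outside-in in interface outside
```

To check the result, `packet-tracer input outside tcp 200.2.2.2 1025 100.1.1.10 12345` should end in an allow, and the same command with any other source address should be dropped at the access-list phase.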