Announcement

Collapse
No announcement yet.

First time configuring port forward on ASA 5505

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • First time configuring port forward on ASA 5505

    I am pretty new to Cisco ASA, never worked with it before. Need to forward port so outside users can access port 9009 on specified internal ip address. I am using ASDM 5.2, googled a bit, and found out that I need to add Static NAT rule in Configuration part of the GUI.

    Because this is my first time configuring this, I have several questions..

    So, in real address part, for interface I should put inside, ip address should be the private address needed, and subnet mask of course 255.255.255.255

    What should be put for static translation? Outside for interface and what for address?

    Also, because I need port to forward, should I check "Enable PAT" and should I put 9009 for both original and translated port?

    Also, does anything need to be enabled in NAT options?

    Thanks a lot, and sorry for these noob questions

  • #2
    Re: First time configuring port forward on ASA 5505

    real ip is inside int and ip of host

    static xlate should be outside and interface address

    yes 9009 for original and translated, this is where you can do forwarding like 4443 to 443 for example
    Cisco CCNA, CCDA, CCVP, Advanced Wireless Design Specialist, CCIP (in progress)

    Comment


    • #3
      Re: First time configuring port forward on ASA 5505

      didn't get this part "static xlate should be outside and interface address"

      What interface address should I put there? Outside address of interface, aka static public IP? There is a drop-down menu with "Interface IP" option, should I leave that?

      Thanks in advance

      Comment


      • #4
        Re: First time configuring port forward on ASA 5505

        you need a access-list to open the port on your ASA
        access_list outside_entry extended permit tcp any host <outside ip> eq 9009
        then tie the port to the inside ip
        static (inside,outside) tcp interface 9009 <inside ip> 9009 netmask 255.255.255.255
        then you need to apply the port you want to open to a interface
        access-group outside_entry in interface outside

        Comment

        Working...
        X