ASA 5505 and port-forwarding of specific outside IP's

  • ASA 5505 and port-forwarding of specific outside IP's

    Need a few pro-tips on how to set up port-forwarding for specific outside IP's to access one specific IP on the inside, over one specific port on an ASA 5505, and thought I'd ask here. Been googling for most of the morning in order to figure things out, but I'm either too silly (very much a possibility) or too unfamiliar with the ASA 5505's to find things I need.

    The problem is basically letting three outside IP's access one IP on the inside through port 8081 on the outside which gets translated to port 81 on the inside.

    So the question is: any Gurus able to give some pointers on this to an ASA-noob?

  • #2
    Re: ASA 5505 and port-forwarding of specific outside IP's

    Pre-8.3 Code:

    (Static Nat Statement)

    static (inside,outside) tcp X.X.X.X 8081 Y.Y.Y.Y 81


    (ACL to allow traffic from outside to in)


    access-list OUTSIDE_IN permit tcp any host X.X.X.X eq 8081



    8.3 and Greater Syntax



    object network INSIDE_SERVER
    host Y.Y.Y.Y
    nat (inside,outside) static X.X.X.X service tcp 81 8081


    ! 8.3+ ACLs match the real address and the real port (81), not the mapped port
    access-list OUTSIDE_IN permit tcp any host Y.Y.Y.Y eq 81


    (Notice the different NAT syntax, and also that in the ACL you allow the "internal IP address" as opposed to the "mapped address" like in 8.2.)


    (X=mapped address)

    (Y=real address)
    Last edited by auglan; 4th June 2012, 11:16.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)



    • #3
      Re: ASA 5505 and port-forwarding of specific outside IP's

      Thanks, will check this out. The box is running 8.2(5), so the first syntax should work.

      Cheers!

      Edit: Silly question, but do I understand correctly when I think that the mapped address is the outside-address of the appliance?
      Last edited by Fjordmonkey; 4th June 2012, 11:48.



      • #4
        Re: ASA 5505 and port-forwarding of specific outside IP's

        Remember to apply the ACL to the outside interface:



        access-group OUTSIDE_IN in interface outside


        Correct, the mapped address is what you are translating to or, put another way, what the address looks like from the outside.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)
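
Added example, not part of any post in this thread: the ACL in #2 permits `any` source, while the original question asks for three specific outside addresses to reach the forwarded port. For the 8.2(5) box discussed here, the source can be narrowed with a network object-group. The three source addresses are constructed placeholders from the documentation ranges, the group name ALLOWED_SOURCES is hypothetical, and X.X.X.X / Y.Y.Y.Y are the mapped and real addresses as in #2.

```cisco
! Constructed example for ASA 8.2(x); source addresses are placeholders.
! X.X.X.X = mapped (outside) address, Y.Y.Y.Y = real (inside) address, as in post #2.

! Static PAT: outside tcp/8081 -> inside tcp/81
static (inside,outside) tcp X.X.X.X 8081 Y.Y.Y.Y 81

! Weak form from the thread: any Internet host may reach the forwarded port
! access-list OUTSIDE_IN extended permit tcp any host X.X.X.X eq 8081

! Restricted form: only the three permitted sources may connect
object-group network ALLOWED_SOURCES
 network-object host 198.51.100.10
 network-object host 198.51.100.20
 network-object host 203.0.113.30
access-list OUTSIDE_IN extended permit tcp object-group ALLOWED_SOURCES host X.X.X.X eq 8081

! Bind the ACL to inbound traffic on the outside interface
access-group OUTSIDE_IN in interface outside

! Verify: per-entry hit counters, the translation, and two simulated flows
show access-list OUTSIDE_IN
show xlate
packet-tracer input outside tcp 198.51.100.10 12345 X.X.X.X 8081
packet-tracer input outside tcp 192.0.2.99 12345 X.X.X.X 8081
```

The first packet-tracer run (a listed source) should be allowed; the second (an unlisted source) should be dropped by the implicit deny at the end of OUTSIDE_IN.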



        • #5
          Re: ASA 5505 and port-forwarding of specific outside IP's

          Thank you kindly, Sir!

          Won't see if it works until Thursday, when the hardware will be installed at the location.
