ASDM and Port Forwarding


  • ASDM and Port Forwarding

    Hi all,

    This is my first post and I really could do with your help.

    I have a Cisco ASA 5510 appliance running ASDM 6.3

    We have a number of public IP addresses associated with our company.

    In order to utilise the IP addresses effectively, I want to use one public IP address for two servers running on different ports.

    e.g.

    Public IP address 78.109.174.100

    for both

    Server 1 HTTPS and HTTP

    Server 2 FTP

    Both Servers live in the same subnet (DMZ)

    I believe this may be port forwarding but could be completely wrong.

    I've tried creating a NAT rule that goes from Server 2 Network object to Server 1 external but this didn't work.

    Please can you help?

    I'm a novice with ASDM and any help in layman's terms would be appreciated.

  • #2
    Re: ASDM and Port Forwarding

    Don't use ASDM that much but the wizards are pretty straightforward. Remember you also need an ACL permitting said traffic coming in the outside interface inbound.

    ASA Code 8.2 and below

    static (inside,outside) tcp 78.109.174.100 80 "your internal ip" 80
    static (inside,outside) tcp 78.109.174.100 https "your internal ip" https
    static (inside,outside) tcp 78.109.174.100 21 "your internal ip" 21


    access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq http
    access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq https
    access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq ftp

    access-group OUTSIDE_TO_INSIDE in interface outside

    ASA Code 8.3 and above

    ! PUBLIC_IP is defined first so the nat lines below can reference it
    object network PUBLIC_IP
    host 78.109.174.100


    object network SERVER1
    ! x.x.x.x is the internal IP of the host
    host x.x.x.x
    nat (dmz,outside) static PUBLIC_IP service tcp http http


    object network SERVER2
    host x.x.x.x
    nat (dmz,outside) static PUBLIC_IP service tcp https https


    object network SERVER3
    host x.x.x.x
    nat (dmz,outside) static PUBLIC_IP service tcp ftp ftp

    access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER1 eq http
    access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER2 eq https
    access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER3 eq ftp

    access-group OUTSIDE_TO_INSIDE in interface OUTSIDE


    ***** The ACL here references the "internal ip address" and not the external as in older ASA code.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
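
The closing note in reply #2 (on 8.3 and above the ACL names the internal address, not the public one) is easy to get wrong when rules are carried over from older code. As an added example, not from the thread or from Cisco, this Python check reads object-NAT port forwards and flags any whose ACL entry is missing or still targets the mapped address. The 10.0.0.x hosts, the sample config and the `audit` function are constructed for illustration; it assumes every access-list line is applied inbound on the outside interface and handles only the `permit tcp any object|host ... eq ...` form used above.

```python
import re
# Constructed sample in ASA 8.3+ object-NAT syntax; the 10.0.0.x hosts are made up.
SAMPLE = """\
object network PUBLIC_IP
 host 78.109.174.100
object network SERVER1
 host 10.0.0.10
 nat (dmz,outside) static PUBLIC_IP service tcp http http
object network SERVER2
 host 10.0.0.10
 nat (dmz,outside) static PUBLIC_IP service tcp https https
object network SERVER3
 host 10.0.0.20
 nat (dmz,outside) static PUBLIC_IP service tcp ftp ftp
access-list OUTSIDE_TO_INSIDE permit tcp any object SERVER1 eq http
access-list OUTSIDE_TO_INSIDE permit tcp any host 78.109.174.100 eq https
access-group OUTSIDE_TO_INSIDE in interface outside
"""
ALIASES = {"80": "http", "www": "http", "443": "https", "21": "ftp"}
NAT = re.compile(r"nat \(\S+,\S+\) static (\S+) service tcp (\S+) \S+$")
ACL = re.compile(r"access-list \S+ (?:extended )?permit tcp any (?:object|host) (\S+) eq (\S+)$")

def audit(config):
    """Return (object, real_port, problem) for each forward the ACL does not cover."""
    hosts, forwards, permits, current = {}, [], set(), None
    port = lambda p: ALIASES.get(p, p)
    for line in map(str.strip, config.splitlines()):
        if line.startswith("object network "):
            current = line.split()[2]
        elif line.startswith("host ") and current:
            hosts[current] = line.split()[1]
        elif (m := NAT.match(line)) and current:
            forwards.append((current, m.group(1), port(m.group(2))))
        elif m := ACL.match(line):
            permits.add((m.group(1), port(m.group(2))))
    # Resolve object names to addresses only after every object has been read.
    permits = {(hosts.get(dest, dest), p) for dest, p in permits}
    findings = []
    for obj, mapped, p in forwards:
        if (hosts.get(obj), p) in permits:
            continue  # ACL names the real (internal) address: correct on 8.3+
        if (hosts.get(mapped, mapped), p) in permits:
            findings.append((obj, p, "ACL permits the mapped address, not the real one"))
        else:
            findings.append((obj, p, "no ACL permit for this forward"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample, the HTTPS rule is reported because its ACL entry still uses the pre-8.3 style (public address), and the FTP forward is reported because no ACL entry covers it.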
