Cisco ASA Static PAT / Port forwarding / Port Redirection Problem

Unanswered Question
Jul 23rd, 2008

I currently have a situation where I want to configure a static translation for a single outside IP going to multiple internal IPs, on a different TCP port for each. Normally I would be able to do this, and I have done it in the past, but this situation has one difference: the port that I am forwarding to on the internal IP side is different. I have posted an example below. It is not working the way I would think: when I connect to the HTTPS page of a DRAC card on a Dell server, I get the security warnings and all, and accept, but when it tries to pull up the page, it times out. Is this something to do with my configuration on the ASA, or maybe something with the DRAC card itself? Has anyone experienced this before? If I do not change the port, and use 443 on the outside and inside, it works fine, but I don't want the outside to see 443, but 5001, 5002, etc., going to different internal IPs, on 443.




static (DRAC,outside) tcp 216.x.x.x 5001 10.251.0.1 https netmask 255.255.255.255


Thanks for any help you can provide.


Jason

Jasonch518_2 Wed, 07/23/2008 - 10:04


static (DRAC,outside) tcp 216.x.x.x 5001 10.251.0.1 https netmask 255.255.255.255

static (DRAC,outside) tcp 216.x.x.x 5002 10.251.0.2 https netmask 255.255.255.255

static (DRAC,outside) tcp 216.x.x.x 5003 10.251.0.3 https netmask 255.255.255.255


The above do not work, but I would like them to.



static (DRAC,outside) tcp 216.x.x.x https 10.251.0.1 https netmask 255.255.255.255


This method works, but it does not meet my security needs. Yes, I do have the option of doing a different outside IP for each DRAC card, and then doing the 443 to 443, but it is again not meeting my security needs, and I do not want to use that many different outside IP addresses.

Jasonch518_2 Wed, 07/30/2008 - 17:40

Anyone have any input on this? I still have not been able to get it working.


cisco24x7 Wed, 07/30/2008 - 18:51

I had the same configuration as you and it works for me:


static (DRAC,outside) tcp interface 5001 192.168.1.1 https netmask 255.255.255.255

static (DRAC,outside) tcp interface 5002 192.168.1.2 https netmask 255.255.255.255

static (DRAC,outside) tcp interface 5003 192.168.1.3 https netmask 255.255.255.255


The only exception is that I have a Red Hat Linux Apache server serving https and I can see the page without any issues.


Then again, I am using PIX version 7.0(7), which is a stable version. You may want to give version 7.0(7) a try.
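
An added example, not part of any post in this thread: a small Python audit helper that parses static PAT lines in the syntax shown above, resolves service keywords such as `https` to port numbers, marks which entries redirect to a different port, and reports any mapped address/port claimed by more than one internal host. The function names, the keyword table (a subset), and the fourth sample line (a deliberately conflicting entry for 10.251.0.9) are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Service keywords accepted in place of a port number (subset; assumption for this example).
SERVICES = {"https": 443, "www": 80, "ssh": 22, "telnet": 23}

# static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port [netmask mask]
STATIC_PAT = re.compile(
    r"^static \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) (?P<proto>tcp|udp) "
    r"(?P<mapped_ip>\S+) (?P<mapped_port>\S+) (?P<real_ip>\S+) (?P<real_port>\S+)"
    r"(?: netmask (?P<mask>\S+))?"
)

def port(token):
    """Resolve a port token that is either a number or a known service keyword."""
    return int(token) if token.isdigit() else SERVICES[token]

def parse_static_pat(config):
    """Return one dict per static PAT line; plain static NAT lines are ignored."""
    rules = []
    for line in config.splitlines():
        m = STATIC_PAT.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        r["mapped_port"], r["real_port"] = port(r["mapped_port"]), port(r["real_port"])
        r["redirected"] = r["mapped_port"] != r["real_port"]  # outside port differs from inside
        rules.append(r)
    return rules

def conflicts(rules):
    """Mapped (interface, proto, ip, port) tuples claimed by more than one real host."""
    seen = defaultdict(set)
    for r in rules:
        key = (r["mapped_if"], r["proto"], r["mapped_ip"], r["mapped_port"])
        seen[key].add((r["real_ip"], r["real_port"]))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample: the thread's three lines plus one deliberately conflicting entry.
SAMPLE = """\
static (DRAC,outside) tcp 216.x.x.x 5001 10.251.0.1 https netmask 255.255.255.255
static (DRAC,outside) tcp 216.x.x.x 5002 10.251.0.2 https netmask 255.255.255.255
static (DRAC,outside) tcp 216.x.x.x 5003 10.251.0.3 https netmask 255.255.255.255
static (DRAC,outside) tcp 216.x.x.x 5001 10.251.0.9 https netmask 255.255.255.255
"""

if __name__ == "__main__":
    for r in parse_static_pat(SAMPLE):
        print(r["mapped_ip"], r["mapped_port"], "->", r["real_ip"], r["real_port"])
    print(conflicts(parse_static_pat(SAMPLE)))
```

Running the same functions over a saved configuration lists every management interface reachable from the outside and the port it is published on, which is the inventory to check against the access lists applied to that interface.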


