ASA 5510 port forwarding question

Oct 22nd, 2008

I'm trying to configure an ASA 5510 to forward the SMTP port to a host on my network. If the destination host is in the same subnet as the ASA and the gateway of the host is the inside IP of the ASA, all works fine. Now my question: is it possible to redirect the port to a host on another subnet, where the destination host does not have the ASA as gateway? On my first try I got a SYN Timeout error. Is it true that the TCP handshake only works if the destination host has the ASA as gateway?

Thanks for your help!

acomiskey Wed, 10/22/2008 - 05:09

It should work fine. Just make sure the ASA has a route to the other network.

m.leuschner Wed, 10/22/2008 - 06:09

The ASA has a route to the other network. The traceroute to the destination host is successful and the traceroute from the destination host to the inside interface of the ASA is successful. But I still get a SYN Timeout error on the ASA...


Interesting issue - never really played around with this. However, in theory it should make no difference, as long as the following are true:

1) The ASA has a route for the remote IP subnet pointing to a next hop device, it's connected to; ideally a layer 3 router.

2) The remote IP subnet also can route back to the ASA, via a layer 3 router.

At the end of the day - it's down to routing IP properly in the network.


risenshine4th Thu, 10/23/2008 - 08:24

This sounds like a route is missing. Likely missing on the subnet side. This is where I'd look.
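
The two routing conditions listed in the thread can be checked per connection, shown here as an added example that is not part of the original posts. It assumes the ASA translates only the destination address, so the server replies to the client's original source address; all addresses, routing tables and the "connected" marker are constructed for illustration.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), hop)
               for prefix, hop in table.items()
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def check_forward(asa_routes, router_routes, asa_inside, inside_router, server, client):
    """Check both directions of one forwarded connection; return findings."""
    findings = []
    # 1) SYN direction: the ASA must hand traffic for the server to the
    #    layer 3 router on its inside network.
    if next_hop(asa_routes, server) != inside_router:
        findings.append("ASA does not send server traffic to the inside router")
    # 2) SYN-ACK direction: the reply is addressed to the *client*, not to the
    #    ASA, so the server's gateway must route the client address via the ASA.
    if next_hop(router_routes, client) != asa_inside:
        findings.append("reply to client does not return via ASA")
    return findings

# Constructed sample topology (hypothetical addresses).
ASA_INSIDE = "192.168.1.1"
INSIDE_ROUTER = "192.168.1.254"   # router between ASA subnet and server subnet
SERVER = "192.168.2.10"           # SMTP host on the other subnet
CLIENT = "203.0.113.25"           # external sender

ASA_ROUTES = {"192.168.1.0/24": "connected",
              "192.168.2.0/24": INSIDE_ROUTER,
              "0.0.0.0/0": "198.51.100.1"}
# The router reaches the ASA subnet directly, but its default route points
# at a different Internet gateway, so replies to the client bypass the ASA.
ROUTER_DEFAULT_ELSEWHERE = {"192.168.1.0/24": "connected",
                            "192.168.2.0/24": "connected",
                            "0.0.0.0/0": "192.168.2.254"}
ROUTER_DEFAULT_VIA_ASA = {"192.168.1.0/24": "connected",
                          "192.168.2.0/24": "connected",
                          "0.0.0.0/0": ASA_INSIDE}

if __name__ == "__main__":
    for name, table in (("default elsewhere", ROUTER_DEFAULT_ELSEWHERE),
                        ("default via ASA", ROUTER_DEFAULT_VIA_ASA)):
        print(name, check_forward(ASA_ROUTES, table, ASA_INSIDE,
                                  INSIDE_ROUTER, SERVER, CLIENT))
```

In the first table the ASA inside interface is still reachable from the server side, so a traceroute between the host and the ASA succeeds even though the reply to the client takes another path.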

