Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
510
Views
9
Helpful
5
Replies

Port forwading on ASA5520/8.21

David Lin
Level 1
Level 1

‎09-23-2009 11:13 AM - edited ‎03-11-2019 09:19 AM

Hi,

I have setup NAT/PAT on ASA5520 and it 's working properly. Right now, I have one webserver resides on inside network and I want to forward 2 different IP addresses to this inside server by the same port, like below

Outside IP address1:80 -> Inside IP address:80

Outside IP address2:80 -> Inside IP address:80

But ASA doesn't allow me to do that, it prompts "ERROR: duplicate of existing static".

Can anyone advise how to achieve it? TIA!

Labels:
0 Helpful
5 Replies 5

David Lin
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎09-23-2009 11:49 AM

Jorge, thanks a lot.

The link instructs how to translate multiple IP addressed to a single IP addres. It works fine.

But is there any way to do the port translation like I mentioned above?

I trid below command but it didn't go.

static (inside,outside) tcp 172.16.1.10 8080 access-list Test ?

configure mode commands/options:

<0-65535> The maximum number of simultaneous tcp connections the local IP

hosts are to allow, default is 0 which means unlimited

connections. Idle connections are closed after the time

specified by the timeout conn command

dns Use the created xlate to rewrite DNS address record

netmask Configure Netmask to apply to IP addresses

norandomseq Disable TCP sequence number randomization

tcp Configure TCP specific parameters

udp Configure UDP specific parameters

Certainly, I can set up the ACE to block other ports on that IP address translation instead.

Thank you.

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to David Lin

‎09-23-2009 12:04 PM

say local IP 10.10.10.10 - and public IPs 20.20.20.20, 20.20.20.30

access-list policy1 permit tcp host 10.10.10.10 eq 80 any

access-list policy2 permit tcp host 10.10.10.10 eq 80 any

static (inside,outside) tcp 20.20.20.20 8080 access-list policy1

static (inside,outside) tcp 20.20.20.30 8080 access-list policy2

Is this what you're trying to do?

[edit]

made couple of corrections - probably need to lab this one , but try it.

Regards

Jorge Rodriguez

David Lin
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎09-23-2009 01:10 PM

This way is also working!

Thanks a lot.

0 Helpful

JORGE RODRIGUEZ
Level 10
Level 10
In response to David Lin

‎09-23-2009 01:16 PM

You're welcome - glad is working.

Jorge Rodriguez
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card