Access Rule when ASA is BEHIND another router

OK, I have this issue where we have a need for some Bandwidth combining and failover, etc, so the client has a TP-Link installed.  From there it goes to the ASA, and from the ASA to the local LAN.

Customer has a camera system he wants to be able to see remotely.  Normally I would add an entry to the ASA along the lines of "traffic for my WAN port destined for port 5601 should be forwarded to 10.0.0.204".  However, with the TP-Link fronting things, I need a little deep thinking....

On the TP-Link I can create a rule like that, but I am thinking on the TP-Link I want a rule like:

Traffic for WAN1 Port 5601 should be forwarded to ASA Outside IF (10.10.10.20)

On the ASA I would add a rule that says traffic for 10.10.10.20 Port 5601 should be forwarded to 10.0.0.204...

What do you think?  Am I "barking up the right tree" at least?

1 REPLY
Cisco Employee

I understood this:

 

Inside camera (10.0.0.204:5601)-----ASA(10.10.10.20:5601)------TP-Link(WAN Public:5601)

 

So, you will need to do static PATs along the path as you already mentioned. In the ASA, for example:

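object network obj-10.0.0.204
 ! Real address of the camera on the inside network
 host 10.0.0.204
 ! 10.10.10.20 is the ASA outside interface address; if the ASA rejects it as
 ! overlapping the interface, use "static interface" in place of the IP
 nat (inside,outside) static 10.10.10.20 service tcp 5601 5601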

In the TP-Link you translate from 10.10.10.20:5601 to public WAN IP in port 5601. Also, don't forget the ACL entries allowing that port from lower security level to higher.

 

JJ
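
Added example, not part of the original thread or of the reply above: the ASA side of the port forward discussed here, including the access-list entry the reply mentions, with the source restricted instead of open to any address. It assumes ASA software 8.3 or later (where the outside ACL matches the real address 10.0.0.204, not the mapped one), that the TP-Link forwards the port without rewriting the remote client's source address, and it uses the hypothetical names OUTSIDE_IN and REMOTE-VIEWERS with the documentation range 203.0.113.0/24 standing in for the sites allowed to view the camera.

```cisco
! Camera on the inside network, published on the ASA outside interface.
! "interface" maps to the outside interface address (10.10.10.20 in this thread).
object network obj-10.0.0.204
 host 10.0.0.204
 nat (inside,outside) static interface service tcp 5601 5601
!
! Constructed placeholder: networks allowed to reach the camera remotely.
object-group network REMOTE-VIEWERS
 network-object 203.0.113.0 255.255.255.0
!
! On 8.3+ the ACL is evaluated against the real (untranslated) destination,
! so the entry names 10.0.0.204, not 10.10.10.20.
access-list OUTSIDE_IN extended permit tcp object-group REMOTE-VIEWERS host 10.0.0.204 eq 5601
!
! If an ACL is already applied inbound on "outside", add the permit line to
! that ACL instead; access-group replaces whatever is bound there.
access-group OUTSIDE_IN in interface outside
!
! Verification: simulate a packet from an allowed source (constructed address)...
packet-tracer input outside tcp 203.0.113.10 50000 10.10.10.20 5601
! ...and from a source outside the group, to confirm the rule is scoped.
packet-tracer input outside tcp 198.51.100.7 50000 10.10.10.20 5601
!
! Translation and ACL hit counters after a real connection attempt.
show nat detail
show access-list OUTSIDE_IN
```

The first packet-tracer run should show an UN-NAT phase to 10.0.0.204 and end with "Action: allow"; the second should end with "Action: drop" at the access-list phase.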
