Cisco Support Community

ASA 5510 - how to limit port forwarding to specific public subnet

I'd like to limit port forwarding to an inside IP so that only one specific /24 from outside can use that port.

Right now any outside (public) IP can use the port.

IP's for examples only

limit outside Public IP's to instead of any

port 44440 forwarded to inside has a public IP statically NATed to it

Here's what I've got in the config for this

name Linuxpublic

name Linux

name Stockphone_outside

object-group service Stock_phone tcp-udp

port-object eq 44440

static (InsideLocal,KT-1) linuxpublic Linux netmask dns

This line didn't work; connection attempts time out.

access-list KT-1_access_in extended permit tcp Stockphone_outside object-group Stock_phone host Linux object-group Stock_phone

This line allowed traffic but doesn't limit it to the desired outside subnet

access-list KT-1_access_in extended permit tcp any host Linuxpublic object-group Stock_phone



Hello Chris,

ACL should be

access-list KT-1_access_in permit tcp Stockphone_outside host eq 44440

access-list KT-1_access_in permit udp Stockphone_outside host eq 44440

Looking for some Networking Assistance? Contact me directly at I will fix your problem ASAP. Cheers, Julio Carvajal Segura
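
The restriction suggested in the answer, written out in full as an added example that is not part of the original thread. All addresses are constructed RFC 5737 placeholders because the thread's own addresses are not shown, and pre-8.3 ASA syntax is assumed from the `static (InsideLocal,KT-1)` line in the question.

```cisco
! Constructed placeholder addresses, not the poster's:
!   198.51.100.0/24  the one outside subnet allowed in  (Stockphone_outside)
!   203.0.113.10     public (mapped) address            (Linuxpublic)
!   10.0.0.10        inside (real) address              (Linux)
names
name 198.51.100.0 Stockphone_outside
name 203.0.113.10 Linuxpublic
name 10.0.0.10 Linux
!
! Static NAT as in the question: public address mapped to the inside host.
static (InsideLocal,KT-1) Linuxpublic Linux netmask 255.255.255.255
!
! Remove the entry that admits any outside source. While it is still in
! the ACL, the narrower entries below restrict nothing.
no access-list KT-1_access_in extended permit tcp any host Linuxpublic object-group Stock_phone
!
! Restricted entries. Three things differ from the line that timed out:
!   1. the source carries an explicit /24 mask,
!   2. no port is given on the source side (clients use ephemeral ports),
!   3. the destination is the mapped address Linuxpublic, which is what an
!      inbound ACL on the outside interface matches with pre-8.3 static NAT.
access-list KT-1_access_in extended permit tcp Stockphone_outside 255.255.255.0 host Linuxpublic eq 44440
access-list KT-1_access_in extended permit udp Stockphone_outside 255.255.255.0 host Linuxpublic eq 44440
!
! The ACL must be bound inbound on the outside interface to take effect.
access-group KT-1_access_in in interface KT-1
!
! Verification from the ASA itself, no external traffic needed.
! Source inside the allowed /24: expected result is ALLOW.
packet-tracer input KT-1 tcp 198.51.100.25 1025 203.0.113.10 44440
! Source outside the allowed /24: expected result is DROP by the ACL
! (implicit deny), unless another entry in KT-1_access_in permits it.
packet-tracer input KT-1 tcp 192.0.2.77 1025 203.0.113.10 44440
!
! Hit counters show which entry real traffic is matching.
show access-list KT-1_access_in
```

If the second `packet-tracer` run reports ALLOW, look for another permit in `KT-1_access_in` that covers the same destination and port.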