ASA 5510 - how to limit port forwarding to specific public subnet

I'd like to limit port forwarding to an inside IP so that only one specific /24 from outside can use that port.

Right now any outside (public) IP can use the port.

IPs are for example only:

Limit outside public IPs to 192.168.2.0/24 instead of any.

Port 44440 is forwarded to inside 172.16.0.2/32.

172.16.0.2 has a public IP statically NATed to it.

Here's what I've got in the config for this:

name 10.1.10.4 Linuxpublic

name 172.16.0.2 Linux

name 192.168.2.0 Stockphone_outside

object-group service Stock_phone tcp-udp

port-object eq 44440

static (InsideLocal,KT-1) Linuxpublic Linux netmask 255.255.255.255 dns

This line didn't work; connection attempts time out.

access-list KT-1_access_in extended permit tcp Stockphone_outside 255.255.255.0 object-group Stock_phone host Linux object-group Stock_phone

This line allowed traffic but didn't limit it to the desired outside subnet.

access-list KT-1_access_in extended permit tcp any host Linuxpublic object-group Stock_phone

1 REPLY


Hello Chris,

The ACL should be:

access-list KT-1_access_in permit tcp Stockphone_outside 255.255.255.0 host 10.1.10.4 eq 44440

access-list KT-1_access_in permit udp Stockphone_outside 255.255.255.0 host 10.1.10.4 eq 44440

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
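As an added illustration (not part of the thread), here is a small Python model of ASA first-match ACL evaluation run over the three ACEs above; it assumes a pre-8.3 ASA, which the `static (inside,outside)` form implies, so the outside-interface ACL matches on the mapped public address 10.1.10.4, and the client addresses 192.168.2.5 and 203.0.113.5 are constructed. It shows why the poster's first line never matches (the `object-group Stock_phone` placed right after the source is parsed as a source-port restriction, and the real address 172.16.0.2 is never seen on the outside interface), why the `any` line is over-permissive, and that the reply's ACL permits only the intended /24.

```python
import ipaddress

# Names and service object-group from the thread (the poster's example addresses).
NAMES = {"Linuxpublic": "10.1.10.4", "Linux": "172.16.0.2", "Stockphone_outside": "192.168.2.0"}
SERVICE_GROUPS = {"Stock_phone": {44440}}  # object-group service Stock_phone tcp-udp / port-object eq 44440

def _addr(tok, i):
    """One address term: any | host X | NET MASK (names resolve through NAMES)."""
    if tok[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    host = tok[i] == "host"
    net = NAMES.get(tok[i + host], tok[i + host])
    return ipaddress.ip_network(net if host else f"{net}/{tok[i + 1]}", strict=False), i + 2

def _port(tok, i):
    """Optional port term: eq N | object-group G. None means any port."""
    if i < len(tok) and tok[i] in ("eq", "object-group"):
        return ({int(tok[i + 1])} if tok[i] == "eq" else SERVICE_GROUPS[tok[i + 1]]), i + 2
    return None, i

def parse_ace(line):
    """Parse 'access-list NAME [extended] ACTION PROTO SRC [SPORT] DST [DPORT]'."""
    tok = line.split()
    i = 3 if tok[2] == "extended" else 2
    ace = {"action": tok[i], "proto": tok[i + 1]}
    ace["src"], i = _addr(tok, i + 2)
    ace["sport"], i = _port(tok, i)   # a port term right after the source is a SOURCE port
    ace["dst"], i = _addr(tok, i)
    ace["dport"], i = _port(tok, i)
    return ace

def evaluate(acl, proto, src_ip, sport, dst_ip, dport):
    """First-match walk; no matching ACE means the ASA's implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in map(parse_ace, acl):
        if (ace["proto"] == proto and s in ace["src"] and d in ace["dst"]
                and sport in (ace["sport"] or {sport}) and dport in (ace["dport"] or {dport})):
            return ace["action"] == "permit"
    return False

POSTED_BROKEN = ["access-list KT-1_access_in extended permit tcp Stockphone_outside 255.255.255.0 object-group Stock_phone host Linux object-group Stock_phone"]
POSTED_OPEN = ["access-list KT-1_access_in extended permit tcp any host Linuxpublic object-group Stock_phone"]
REPLY_ACL = [f"access-list KT-1_access_in permit {p} Stockphone_outside 255.255.255.0 host 10.1.10.4 eq 44440" for p in ("tcp", "udp")]

def check_thread():
    """Constructed clients 192.168.2.5 (inside the /24) and 203.0.113.5 (outside it) hitting the mapped address."""
    hit = lambda acl, src: evaluate(acl, "tcp", src, 50000, "10.1.10.4", 44440)
    return {"posted_broken_in": hit(POSTED_BROKEN, "192.168.2.5"), "posted_open_out": hit(POSTED_OPEN, "203.0.113.5"),
            "reply_in": hit(REPLY_ACL, "192.168.2.5"), "reply_out": hit(REPLY_ACL, "203.0.113.5")}
```

`check_thread()` returns False for the poster's first line even from inside the /24, True for the `any` line from outside it, and True/False for the reply's ACL inside/outside the /24.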