Re: asa 5510 port forwarding question

m.leuschner · ‎10-22-2008

Hello,

I'm trying to configure a asa 5510 to forward the smtp port to a host on my network. If the destination host is in the same subnet like the asa and the gateway of the host is the inside ip of the asa, all works fine. Now my question, is it posible to redirect the port to a host on an other subnet, where the destination host has not the asa as gateway? On my first try I got a SYN Timeout error. Is it true, that the tcp handshake only works if the destination host has the asa as gateway?

Thanks for your help!

acomiskey · ‎10-22-2008

It should work fine. Just make sure the ASA has a route to the other network.

m.leuschner · ‎10-22-2008

the asa has a route to the other network. the trace route to the destination host is successful and the trace route from the destination host to the inside interface from the asa ist successful. but, i still get a SYN Timeout Error on the asa...

mike

andrew.prince · ‎10-22-2008

Interesting issue - never really played around with this. However in theory - it should make no difference, as longs as the following are true:-

1) The ASA has a route for the remote IP subnet pointing to a next hop device, it's connected to; ideally a layer 3 router.

2) The remote IP subnet also can route back to the ASA, via a layer 3 router.

At the end of the day - it's down to routing IP properly in the network.

HTH>

risenshine4th · ‎10-23-2008

This sounds like a route is missing. Likely missing on the subnet side. This is where I's look.