Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5510 port forwarding

Has anyone succesfully created a port-forward in ASA5510, ASA version 8.3(1) ASDM6.3(1)?

I have spend hours now trying, but I'm still unsuccesfull.

What I want is a simple: "if this particular ip-adress hits the wan interface on this tcp-port redirect to this inside ip-address on this tcp-port.

I have never had any trouble on any other firewall creating something like this, but the ASA is killing me. Please help.

Kind regards Anders

Cisco Employee

Re: ASA 5510 port forwarding

See if this helps,

Old Configuration

static (inside,outside) tcp 80 8080 netmask

Migrated Configuration

object network obj-
nat (inside,outside) static service tcp 8080 www

I'll be more than happy to coonvert your entire configuration just in case you need it


New Member

Re: ASA 5510 port forwarding

Hi abinjola

Thanks for the fast response.

It's not a migrated config, but a brandnew box configured from scratch in 8.3

I have search for help in the online help of the box, and tried different howto's, besides just "fooling" around to get it to work, but completely unsuccesfull.

I think I need the exact commands, in order to understand anything of what is going on.

Kind regards Anders

Cisco Employee

Re: ASA 5510 port forwarding

Did the above example of port forwarding commands worked ? what exact config/commands do you need  ?

I understand 8.3 is a total somersault in terms of NAT syntax and handling, but once you get accustomed to it you would it will be as easy as a walk in a park

Meanwhile I am sending you a link for 8.3 command structures and different examples:


New Member

Re: ASA 5510 port forwarding


I tried but here's how it goes.

nat (mgmt,wan) static service tcp 823 23

ERROR: Address overlaps with wan interface address.

ERROR: NAT Policy is not downloaded

Cisco Employee

Re: ASA 5510 port forwarding


Please try the following:

Inside host

Outside address

Outside port HTTP

inside port 8080

object network Inside_server


object network Outside_server


object service Inside_port

service tcp source eq 8080

object service Outside_port

service tcp source eq 80

nat (inside,outside) source static Inside_server Outside_server service

Inside_port Outside_port

If you want to make it a policy NAT where this should be applicable only for

specific destination, then

object network Outside_dst


nat (inside,outside) source static Inside_server Outside_server destination

static Outside_dst Outside_dst service Inside_port Outside_port

On the outside interface access-list, you need to allow access to the actual

IP of the inside device on the actual port.

access-list outside_access_in permit tcp any host eq 8080

access-group outside_access_in in interface outside

Hope this helps.



New Member

Re: ASA 5510 port forwarding

I succeded. Thank you so much:)

Best regards Anders

New Member

ASA 5510 port forwarding

Hi ! Im an trying the same config but with no result

Address xx.xx.xx.xx overlaps with Outside interface address.

Any help?


Super Bronze

ASA 5510 port forwarding

Hi, Indrit Qesja

Can you please make a new discussion about your problem with some background information.

It will probably get more/better answers that way.

I can look through your issue when you've posted some background information about that kind of situation you have and what you are trying to accomplish.

- Jouni

ASA 5510 port forwarding


I am guessing you are using static nat against your outside interface's IP address   (for example

instead of using:

nat (inside,outside) static service tcp 21 21


nat (inside,outside) static interface service tcp 21 21

Please remember to rate useful posts, by clicking on the stars below.

New Member

ASA 5510 port forwarding

Hi dennis!

I will test the nat in static interface and i will come back in the forum

thank you very much