Has anyone successfully created a port-forward in ASA5510, ASA version 8.3(1) ASDM6.3(1)?
I have spent hours now trying, but I'm still unsuccessful.
What I want is simple: "if this particular ip-address hits the wan interface on this tcp-port, redirect to this inside ip-address on this tcp-port."
I have never had any trouble on any other firewall creating something like this, but the ASA is killing me. Please help.
Kind regards Anders
See if this helps,
! pre-8.3 syntax
static (inside,outside) tcp 10.1.2.45 80 10.1.1.16 8080 netmask 255.255.255.255
! 8.3 equivalent
object network obj-10.1.1.16
 host 10.1.1.16
 nat (inside,outside) static 10.1.2.45 service tcp 8080 www
I'll be more than happy to convert your entire configuration just in case you need it.
Thanks for the fast response.
It's not a migrated config, but a brand-new box configured from scratch in 8.3.
I have searched for help in the online help of the box, and tried different howtos, besides just "fooling" around to get it to work, but completely unsuccessful.
I think I need the exact commands, in order to understand anything of what is going on.
Kind regards Anders
Did the above example of port forwarding commands work? What exact config/commands do you need?
I understand 8.3 is a total somersault in terms of NAT syntax and handling, but once you get accustomed to it, it will be as easy as a walk in a park.
Meanwhile I am sending you a link for 8.3 command structures and different examples:
I tried but here's how it goes.
nat (mgmt,wan) static 193.xxx.xxx.34 service tcp 823 23
ERROR: Address 193.xxx.xxx.34 overlaps with wan interface address.
ERROR: NAT Policy is not downloaded
Please try the following:
Inside host 10.1.1.1
Outside address 188.8.131.52
Outside port HTTP
inside port 8080
object network Inside_server
 host 10.1.1.1
object network Outside_server
 host 188.8.131.52
object service Inside_port
 service tcp source eq 8080
object service Outside_port
 service tcp source eq 80
nat (inside,outside) source static Inside_server Outside_server service Inside_port Outside_port
If you want to make it a policy NAT where this should be applicable only for a specific destination, then
object network Outside_dst
nat (inside,outside) source static Inside_server Outside_server destination static Outside_dst Outside_dst service Inside_port Outside_port
On the outside interface access-list, you need to allow access to the actual
IP of the inside device on the actual port.
access-list outside_access_in permit tcp any host 10.1.1.1 eq 8080
access-group outside_access_in in interface outside
Hope this helps.
Hi, Indrit Qesja
Can you please make a new discussion about your problem with some background information.
It will probably get more/better answers that way.
I can look through your issue when you've posted some background information about what kind of situation you have and what you are trying to accomplish.
I am guessing you are using static nat against your outside interface's IP address (for example 184.108.40.206)
instead of using:
nat (inside,outside) static 220.127.116.11 service tcp 21 21
nat (inside,outside) static interface service tcp 21 21
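The pieces from the thread put together for the case where the public address is the outside interface's own address, as an added example that is not part of any original post. It assumes interface names inside/outside, the inside host 10.1.1.1 and ports 8080/80 from the earlier reply, and a constructed permitted source 198.51.100.10; `<outside-interface-ip>` is a placeholder.

```cisco
! Added example, not from the thread. 198.51.100.10 is a constructed
! source address; <outside-interface-ip> is a placeholder.
!
! Real (inside) host. The "interface" keyword makes the ASA translate to
! whatever address the outside interface holds, which avoids the
! "overlaps with ... interface address" error seen when that address is
! typed in literally.
object network Inside_server
 host 10.1.1.1
 nat (inside,outside) static interface service tcp 8080 www
!
! From 8.3 on, interface ACLs match the real address and real port,
! not the translated ones. Only the one permitted source is allowed in.
access-list outside_access_in extended permit tcp host 198.51.100.10 host 10.1.1.1 eq 8080
access-group outside_access_in in interface outside
!
! Checks: the NAT rule is installed, a translation exists, and a
! simulated packet to the public port is un-translated and permitted.
show nat detail
show xlate
packet-tracer input outside tcp 198.51.100.10 1025 <outside-interface-ip> 80
```

If `packet-tracer` reports a drop in the ACCESS-LIST phase, the ACL is most likely still written against the translated address or port.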