Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Policy NAT question

Can this be done?

I have an internal web server behind an ASA 5510 w. 8.2 firmware

I can do the regular outside to inside NATting just fine but now a new requirement has come up that when the port 80 connect comes in from a specific subnet out on the Internet, it needs to be redirected to port 8080 of the inside host.  All other subnets continue to have the regular NAT

Is this something that can be done with policy NAT?

I can create an access list

  access-list BADGUYS permit tcp host eq 80

which defines the rule that matches BADGUYS

and my regular NAT rule

   static (inside,outside) tcp interface 80 80 netmask

which works just fine

but how do I get the policy NAT statement to redirect to port 8080 when access-list BADGUYS is matched?

Everyone's tags (4)
Cisco Employee

Re: ASA Policy NAT question

Nope can't do with 8.2. due to this

I belive you can do this with 8.3 nat though.


CreatePlease to create content