Cisco Support Community

New Member

ASA Policy NAT question

Can this be done?

I have an internal web server behind an ASA 5510 w. 8.2 firmware.

I can do the regular outside to inside NATting just fine, but now a new requirement has come up that when the port 80 connect comes in from a specific subnet out on the Internet, it needs to be redirected to port 8080 of the inside host. All other subnets continue to have the regular NAT.

Is this something that can be done with policy NAT?

I can create an access list

  access-list BADGUYS permit tcp 128.233.0.0 255.255.0.0 host 123.45.67.89 eq 80

which defines the rule that matches BADGUYS

and my regular NAT rule

   static (inside,outside) tcp interface 80 192.168.1.99 80 netmask 255.255.255.255

which works just fine

but how do I get the policy NAT statement to redirect to port 8080 when access-list BADGUYS is matched?

1 REPLY
Cisco Employee

Re: ASA Policy NAT question

Nope, can't do with 8.2 due to this:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCso79009

I believe you can do this with 8.3 NAT though.

-KS
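
A sketch of how the requirement in this thread could be written in the 8.3 NAT syntax the reply mentions. This is an added example, not configuration posted by either participant and not tested on a device; the object names (WEB-REAL, SPECIAL-SUBNET, SVC-TCP-80, SVC-TCP-8080) and the ACL name OUTSIDE-IN are assumptions, and the addresses are the ones from the question.

```cisco
! Added example: ASA 8.3+ syntax. Object and ACL names are hypothetical.

! Real (inside) web server.
object network WEB-REAL
 host 192.168.1.99
 ! General rule for everyone else (object NAT, section 2):
 ! outside interface tcp/80 -> 192.168.1.99 tcp/80
 nat (inside,outside) static interface service tcp 80 80

! The Internet subnet that must land on port 8080 instead.
object network SPECIAL-SUBNET
 subnet 128.233.0.0 255.255.0.0

! Service objects are written from the inside host's point of view,
! so the port is matched as a *source* port.
object service SVC-TCP-8080
 service tcp source eq 8080
object service SVC-TCP-80
 service tcp source eq 80

! Twice NAT (section 1), evaluated before the object NAT rule above.
! For peers in SPECIAL-SUBNET only:
! outside interface tcp/80 -> 192.168.1.99 tcp/8080
nat (inside,outside) source static WEB-REAL interface destination static SPECIAL-SUBNET SPECIAL-SUBNET service SVC-TCP-8080 SVC-TCP-80

! From 8.3 on, interface ACLs match the real (untranslated) address and
! port, so each path needs its own permit. The specific subnet is denied
! on port 80 first so it cannot fall through to the general permit.
access-list OUTSIDE-IN extended permit tcp 128.233.0.0 255.255.0.0 host 192.168.1.99 eq 8080
access-list OUTSIDE-IN extended deny tcp 128.233.0.0 255.255.0.0 host 192.168.1.99 eq 80
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.99 eq 80
access-group OUTSIDE-IN in interface outside
```

After applying a change like this, `show nat detail` and `packet-tracer input outside tcp <source-ip> <source-port> <outside-ip> 80` show which NAT rule a given source address hits.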
