Solved: nat/pat asa 5505 asdm ver 8.4

freddie975 · ‎11-14-2011

hi all,

i have a problem with portfoarwarding on asa 5505.

i have this situation:

internet ---> pubblic ip address-> router albacom -- 10.0.0.15 ---> -nat farward port 80--10.0.0.1 -outside -firewall asa -inside - 192.168.0.1------------server web 192.168.0.99

the server is not in dmz but it's on the lan network

my user must connect from internet, with any browser http://albacom_pubblic_address and router albacom and then asa firewall must nat and farward the port 80 on server web 192.168.0.99

any idea or tutorial

ths, best regards

varrao · ‎11-14-2011

Hi Luca,

On the outside interafce we woudl need the ACl:

access-list outside_access_in permit tcp any host 192.168.0.99 eq 80

access-group outside_access_in in interface outside

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

varrao · ‎11-14-2011

Hi Luca,

On the ASA, you would need the following:

object network server_ip

host 192.168.0.99

object service tcp_80

service tcp destination eq 80

nat (outside,inside) source static any any destination static interface server_ip service tcp_80 tcp_80

That would port forward all the request coming on port 80 on the outside interface of the firewall, to your internal server on port 80.

Hope that helps

Thanks,

Varun

Thanks,
Varun Rao

freddie975 · ‎11-14-2011

any ACLs need or not?

varrao · ‎11-14-2011

Hi Luca,

On the outside interafce we woudl need the ACl:

access-list outside_access_in permit tcp any host 192.168.0.99 eq 80

access-group outside_access_in in interface outside

Thanks,

Varun

Thanks,
Varun Rao

freddie975 · ‎11-14-2011

ok i test the command

ths a lot

freddie975 · ‎11-14-2011

ths Varun, the configuration works!

bye mate