Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Need help with port forwarding on ASA




How do I achieve this port forwarding on ASA 5505.. Here is the situation

I have one host on inside lan

Host IP:

Outside ip: (just an example)


So if a user from outside ssh into port, I want that traffic to go to 

and if another user from outside ssh into port, I want that traffic to go to 


So basically when outside users connects to an IP on two different ports, I want that traffic to go to same host on same port number


Here is what I tried and I get "duplicate entry" error and it wont let me enter the second line


static(inside,outside)  tcp 557 22

static (inside,outside) tcp 7111 22 <---This line fails


Please help


Hi avashifa09, What comes to


What comes to my mind right now is what if you upgrade to 8.3 or up and try port forwarding with objects (object network and object service)

I haven't tried yet this on my lab , so it may work or not...

Example of the config:


Object service telnet

service tcp destination eq telnet

object service portx

service tcp destination eq 9999

nat (out,DMZ) source static any any destination static interface dmzserver service portx telnet


Hope this helps.

Community Member

8.3 or high version supports

8.3 or high version supports this.. I was able to achieve it by upgrading to 8.3 or higher version. Sorry about posting this late


Here is the configuration

Here is the configuration that you need:


access-list ssh_557 permit tcp host eq 22 any

access-list ssh_7111 permit tcp host eq 22 any


static (inside,outside)   tcp 557 access-list ssh_557

static (inside,outside)  tcp 7111 access-list ssh_7111


ciscoasa(config)# show xlate detail

2 in use, 2 most used
Flags: D - DNS, d - dump, I - identity, i - dynamic, n - no random,
       r - portmap, s - static

TCP PAT from inside: to outside(ssh_557): flags sr

TCP PAT from inside: to outside(ssh_7111): flags sr

Value our effort and rate the assistance!
CreatePlease to create content