Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need help with port forwarding

Hi All,

Need help configuring the ASA 5510 for port forwarding.

I would like to configure the ASA5510 to open port 12345 and forward the traffic to a machine

behind the ASA, which has a IP address of 192.168.1.2.

Thank you!

David

2 ACCEPTED SOLUTIONS

Accepted Solutions
Red

Need help with port forwarding

What is teh public ip that you have, lets say it is the ASA outside interafce, then:

static (inside,outside) tcp interface 12345 192.168.1.2 12345

and then open the ACL:

access-list outside_access_in permit tcp any interface outside eq 12345

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC

Need help with port forwarding

Hello David,

Varun configuration's is perfect so please mark the question as answered on Varun's reply so future users can learn from your problem.

Now if you want to verifiy the Nat statements you can do a :

Show run static

In order to verifiy is the configuration you placed on your router is the one need it I would recomend you to do a packet-tracer:

packet-tracer input outside tcp 4.2.2.2 1025 interface_ip_address 12345

This will  lead you to all the steps the ASA takes to inspect and determine if a packet is secure or not.

Regards,

DO rate all the helpful posts

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
5 REPLIES
Red

Need help with port forwarding

What is teh public ip that you have, lets say it is the ASA outside interafce, then:

static (inside,outside) tcp interface 12345 192.168.1.2 12345

and then open the ACL:

access-list outside_access_in permit tcp any interface outside eq 12345

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708b4.shtml

Hope that helps.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Need help with port forwarding

Thanks,

Yes, it's the ASA's outside interface. 

David

Red

Need help with port forwarding

Then the configuration that i have provided is the correct one, and you can also reference the doc.

Thanks,

Varun

Thanks, Varun Rao Security Team, Cisco TAC
New Member

Need help with port forwarding

Thanks again.

One more question, how do I verify it on the ASA 5510?

David

Need help with port forwarding

Hello David,

Varun configuration's is perfect so please mark the question as answered on Varun's reply so future users can learn from your problem.

Now if you want to verifiy the Nat statements you can do a :

Show run static

In order to verifiy is the configuration you placed on your router is the one need it I would recomend you to do a packet-tracer:

packet-tracer input outside tcp 4.2.2.2 1025 interface_ip_address 12345

This will  lead you to all the steps the ASA takes to inspect and determine if a packet is secure or not.

Regards,

DO rate all the helpful posts

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
308
Views
0
Helpful
5
Replies
CreatePlease login to create content