03-09-2014 11:27 PM - edited 03-11-2019 08:55 PM
i have one DMZ interface with 3 different Server having different listening ports in cisco asa 5510
Solved! Go to Solution.
03-11-2014 05:21 AM
Yes , you can do it on version 8.2 using Static inside PAT. When we want to allow inbound connectivity to a no. of local servers, using a single global IP address. Remember, of course, that an interface access-list on ASA would still need to be configured to allow such connections. It allows port redirection so that multiple local servers, using unique local ports, can share a single global IP address.
static(DMZ,outside) tcp 125.209.70.90 6080 10.1.1.245 6080 netmask 255.255.255.255
static(DMZ,outside) tcp 125.209.70.90 443 10.1.1.246 443 netmask 255.255.255.255
static(DMZ,outside) tcp 125.209.70.90 80 10.1.1.254 80 netmask 255.255.255.255
access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 6080
access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 443
access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 80
HTH
"Please rate helpful posts"
03-10-2014 04:49 AM
what exactly you are trying to achieve
03-10-2014 09:30 PM
Dear
i have one cisco 5510 asa and having one inside and one outside interface and one dmz interface.
inside ip:192.168.11.249
outside ip: 125.209.70.90/29
dmz ip: 10.1.1.1/24
in dmz zone i have three servers having ip belo
server1 ip : 10.1.1.245 with listeing port 6080
server2 ip : 10.1.1.246 with listining port 443
server3 ip : 10.1.1.254 with listening port 80
and i want to traslate these ip into outside interface
and want to open these from outside over ther intenet like
125.209.70.90:6080/abc
125.209.70.90:443/xyz
125.209.70.90:80/asd
Thanks
03-10-2014 10:01 PM
What version?
Try to post as much information as possible on each answer u provide.
Regards
03-10-2014 10:17 PM
version 8.2
03-11-2014 05:21 AM
Yes , you can do it on version 8.2 using Static inside PAT. When we want to allow inbound connectivity to a no. of local servers, using a single global IP address. Remember, of course, that an interface access-list on ASA would still need to be configured to allow such connections. It allows port redirection so that multiple local servers, using unique local ports, can share a single global IP address.
static(DMZ,outside) tcp 125.209.70.90 6080 10.1.1.245 6080 netmask 255.255.255.255
static(DMZ,outside) tcp 125.209.70.90 443 10.1.1.246 443 netmask 255.255.255.255
static(DMZ,outside) tcp 125.209.70.90 80 10.1.1.254 80 netmask 255.255.255.255
access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 6080
access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 443
access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 80
HTH
"Please rate helpful posts"
03-11-2014 11:30 PM
Thanks a lot ponam can u send also the bat configuration
and outside the internet 125.209.70.90:8888/dhamap its not working
03-11-2014 11:35 PM
i need to open these below
local server haiving ip 10.1.1.245 with 8888 port at 125.209.70.90:8888/abc
local server haiving ip 10.1.1.246 with 443 port at 125.209.70.90:443/xyz
local server haiving ip 10.1.1.254 with 80 port at 125.209.70.90:80/asd
Over the internet in 8.2 cisco asa 5510
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: