Solved: Yes , you can do it on

Navaz Wattoo · ‎03-09-2014

i have one DMZ interface with 3 different Server having different listening ports in cisco asa 5510

Navaz

Poonam Garg · ‎03-11-2014

Yes , you can do it on version 8.2 using Static inside PAT. When we want to allow inbound connectivity to a no. of local servers, using a single global IP address. Remember, of course, that an interface access-list on ASA would still need to be configured to allow such connections. It allows port redirection so that multiple local servers, using unique local ports, can share a single global IP address.

static(DMZ,outside) tcp 125.209.70.90 6080 10.1.1.245 6080 netmask 255.255.255.255

static(DMZ,outside) tcp 125.209.70.90 443 10.1.1.246 443 netmask 255.255.255.255

static(DMZ,outside) tcp 125.209.70.90 80 10.1.1.254 80 netmask 255.255.255.255

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 6080

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 443

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 80

HTH

"Please rate helpful posts"

View solution in original post

Poonam Garg · ‎03-10-2014

what exactly you are trying to achieve

Navaz Wattoo · ‎03-10-2014

Dear

i have one cisco 5510 asa and having one inside and one outside interface and one dmz interface.

inside ip:192.168.11.249

outside ip: 125.209.70.90/29

dmz ip: 10.1.1.1/24

in dmz zone i have three servers having ip belo

server1 ip : 10.1.1.245 with listeing port 6080

server2 ip : 10.1.1.246 with listining port 443

server3 ip : 10.1.1.254 with listening port 80

and i want to traslate these ip into outside interface

and want to open these from outside over ther intenet like

125.209.70.90:6080/abc

125.209.70.90:443/xyz

125.209.70.90:80/asd

Thanks

Navaz

Julio Carvajal · ‎03-10-2014

What version?

Try to post as much information as possible on each answer u provide.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Navaz Wattoo · ‎03-10-2014

version 8.2

Navaz

Poonam Garg · ‎03-11-2014

Yes , you can do it on version 8.2 using Static inside PAT. When we want to allow inbound connectivity to a no. of local servers, using a single global IP address. Remember, of course, that an interface access-list on ASA would still need to be configured to allow such connections. It allows port redirection so that multiple local servers, using unique local ports, can share a single global IP address.

static(DMZ,outside) tcp 125.209.70.90 6080 10.1.1.245 6080 netmask 255.255.255.255

static(DMZ,outside) tcp 125.209.70.90 443 10.1.1.246 443 netmask 255.255.255.255

static(DMZ,outside) tcp 125.209.70.90 80 10.1.1.254 80 netmask 255.255.255.255

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 6080

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 443

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 80

HTH

"Please rate helpful posts"

Navaz Wattoo · ‎03-11-2014

Thanks a lot ponam can u send also the bat configuration

and outside the internet 125.209.70.90:8888/dhamap its not working

Navaz

Navaz Wattoo · ‎03-11-2014

i need to open these below

local server haiving ip 10.1.1.245 with 8888 port at 125.209.70.90:8888/abc

local server haiving ip 10.1.1.246 with 443 port at 125.209.70.90:443/xyz

local server haiving ip 10.1.1.254 with 80 port at 125.209.70.90:80/asd

Over the internet in 8.2 cisco asa 5510

Navaz