Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

one DMZ interface with 3 different Server having different listening ports

i have one DMZ interface with 3 different Server having different listening ports in cisco asa 5510

Navaz
1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Yes , you can do it on

 

Yes , you can do it on version 8.2 using Static inside PAT. When we want to allow inbound connectivity to a no. of local servers, using a single global IP address. Remember, of course, that an interface access-list on ASA would still need to be configured to allow such connections. It allows port redirection so that multiple local servers, using unique local ports, can share a single global IP address.

static(DMZ,outside) tcp 125.209.70.90 6080 10.1.1.245 6080 netmask 255.255.255.255

static(DMZ,outside) tcp 125.209.70.90 443 10.1.1.246 443 netmask 255.255.255.255

static(DMZ,outside) tcp 125.209.70.90 80 10.1.1.254 80 netmask 255.255.255.255

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 6080

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 443

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 80

HTH

 

"Please rate helpful posts"

7 REPLIES
Silver

what exactly you are trying

what exactly you are trying to achieve

New Member

Deari have one cisco 5510 asa

Dear

i have one cisco 5510 asa and having one inside and one outside interface and one dmz interface.

inside ip:192.168.11.249

outside ip: 125.209.70.90/29

dmz ip: 10.1.1.1/24

in dmz zone i have three servers having ip belo

server1 ip : 10.1.1.245  with listeing port 6080

server2 ip : 10.1.1.246 with listining port 443

server3 ip : 10.1.1.254 with listening port 80 

 

and i want to traslate these ip into outside interface

and want to open these from outside over ther intenet like

125.209.70.90:6080/abc

125.209.70.90:443/xyz

125.209.70.90:80/asd

 

Thanks 

 

Navaz

What version? Try to post as

What version?

 

Try to post as much information as possible on each answer u provide.

 

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

version 8.2

version 8.2

Navaz
Silver

Yes , you can do it on

 

Yes , you can do it on version 8.2 using Static inside PAT. When we want to allow inbound connectivity to a no. of local servers, using a single global IP address. Remember, of course, that an interface access-list on ASA would still need to be configured to allow such connections. It allows port redirection so that multiple local servers, using unique local ports, can share a single global IP address.

static(DMZ,outside) tcp 125.209.70.90 6080 10.1.1.245 6080 netmask 255.255.255.255

static(DMZ,outside) tcp 125.209.70.90 443 10.1.1.246 443 netmask 255.255.255.255

static(DMZ,outside) tcp 125.209.70.90 80 10.1.1.254 80 netmask 255.255.255.255

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 6080

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 443

access-list OUT_DMZ permit tcp any host 125.209.70.90 eq 80

HTH

 

"Please rate helpful posts"

New Member

Thanks a lot ponam can u send

Thanks a lot ponam can u send also the bat configuration

and outside the internet 125.209.70.90:8888/dhamap its not working

Navaz
New Member

i need to open these

i need to open these below

local server haiving ip 10.1.1.245 with 8888 port at 125.209.70.90:8888/abc 

local server haiving ip 10.1.1.246 with 443 port at 125.209.70.90:443/xyz 

local server haiving ip 10.1.1.254 with 80 port at 125.209.70.90:80/asd

 

Over the internet in 8.2 cisco asa 5510

 

Navaz
218
Views
0
Helpful
7
Replies
CreatePlease to create content