Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
0
Helpful
5
Replies

Port Forward to Different devices 1 IP

Go to solution
Roger Richards
Level 1
Level 1

‎09-26-2013 08:53 AM - edited ‎03-11-2019 07:44 PM

Gooood day,

I would like to forward traffice to serval devices behind my asa...

Outside 10.10.10.2

ie 10.20.61.4, Object4

10.20.615    Object5

10.20.616  Object6

access-list Outside_access_in extended permit tcp any Obect4 eq 6894

access-list Outside_access_in extended permit tcp any Obect4 eq 6895

need to know if this is possible

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Kelvin Willacey
Level 4
Level 4

‎09-26-2013 10:45 AM

It is possible but you will also need a static pat. Assuming you are using the interface IP of outside, the following should work:

object network Object4_6894

host 10.20.61.4

nat (inside,outside) static interface service tcp 6894 6894

object network Object4_6895

host 10.20.61.4

nat (inside,outside) static interface service tcp 6895 6895

View solution in original post

0 Helpful

Go to solution
Xavier Lloyd
Level 1
Level 1
In response to Roger Richards

‎09-26-2013 12:30 PM

Hi Roger,

You'd then do something like this:

object network Object4_6894

host 10.20.61.4

nat (inside,outside) static interface service tcp 5402 6894

object network Object5_6895

host 10.20.61.5

nat (inside,outside) static interface service tcp 5402 6895

object network Object6_6896

host 10.20.61.6

nat (inside,outside) static interface service tcp 5402 6896

This config would allow all your internal servers to have the same port (5402), but someone from outside would contact them on different ports (6894-6896).

Is this what you were looking for?

View solution in original post

0 Helpful

Go to solution
Xavier Lloyd
Level 1
Level 1
In response to Roger Richards

‎09-26-2013 01:20 PM

ACLs would have 5402 (the original port number)

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Kelvin Willacey
Level 4
Level 4

‎09-26-2013 10:45 AM

It is possible but you will also need a static pat. Assuming you are using the interface IP of outside, the following should work:

object network Object4_6894

host 10.20.61.4

nat (inside,outside) static interface service tcp 6894 6894

object network Object4_6895

host 10.20.61.4

nat (inside,outside) static interface service tcp 6895 6895

0 Helpful

Go to solution
Roger Richards
Level 1
Level 1
In response to Kelvin Willacey

‎09-26-2013 12:16 PM

Im sorry, let change that,  I realize that what we need is somethig a little different

We have only one port number but would like to access three different time clocks. port number is 5402

Outside 10.10.10.102. can we do something like this example attached.

http://www.noip.com/support/knowledgebase/multiple-servers-behind-a-nat-router/

0 Helpful

Go to solution
Xavier Lloyd
Level 1
Level 1
In response to Roger Richards

‎09-26-2013 12:30 PM

Hi Roger,

You'd then do something like this:

object network Object4_6894

host 10.20.61.4

nat (inside,outside) static interface service tcp 5402 6894

object network Object5_6895

host 10.20.61.5

nat (inside,outside) static interface service tcp 5402 6895

object network Object6_6896

host 10.20.61.6

nat (inside,outside) static interface service tcp 5402 6896

This config would allow all your internal servers to have the same port (5402), but someone from outside would contact them on different ports (6894-6896).

Is this what you were looking for?

0 Helpful

Go to solution
Roger Richards
Level 1
Level 1
In response to Xavier Lloyd

‎09-26-2013 01:04 PM

Ok....

so ACL would like?

access-list outside_access_in extended permit tcp any Object4_6894 eq 5402?and the like for others?

or

access-list outside_access_in extended permit tcp any Object4_6894 eq 6894


0 Helpful

Go to solution
Xavier Lloyd
Level 1
Level 1
In response to Roger Richards

‎09-26-2013 01:20 PM

ACLs would have 5402 (the original port number)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card