Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Port Forward to Different devices 1 IP

Gooood day,

I would like to forward traffice to serval devices behind my asa...

Outside 10.10.10.2

ie 10.20.61.4, Object4

10.20.615    Object5

10.20.616  Object6

access-list Outside_access_in extended permit tcp any Obect4 eq 6894

access-list Outside_access_in extended permit tcp any Obect4 eq 6895

need to know if this is possible

3 ACCEPTED SOLUTIONS

Accepted Solutions

Port Forward to Different devices 1 IP

It is possible but you will also need a static pat. Assuming you are using the interface IP of outside, the following should work:

object network Object4_6894

host 10.20.61.4

nat (inside,outside) static interface service tcp 6894 6894

object network Object4_6895

host 10.20.61.4

nat (inside,outside) static interface service tcp 6895 6895

New Member

Port Forward to Different devices 1 IP

Hi Roger,

You'd then do something like this:

object network Object4_6894

host 10.20.61.4

nat (inside,outside) static interface service tcp 5402 6894

object network Object5_6895

host 10.20.61.5

nat (inside,outside) static interface service tcp 5402 6895

object network Object6_6896

host 10.20.61.6

nat (inside,outside) static interface service tcp 5402 6896

This config would allow all your internal servers to have the same port (5402), but someone from outside would contact them on different ports (6894-6896).

Is this what you were looking for?

New Member

Port Forward to Different devices 1 IP

ACLs would have 5402 (the original port number)

5 REPLIES

Port Forward to Different devices 1 IP

It is possible but you will also need a static pat. Assuming you are using the interface IP of outside, the following should work:

object network Object4_6894

host 10.20.61.4

nat (inside,outside) static interface service tcp 6894 6894

object network Object4_6895

host 10.20.61.4

nat (inside,outside) static interface service tcp 6895 6895

New Member

Port Forward to Different devices 1 IP

Im sorry, let change that,  I realize that what we need is somethig a little different

We have only one port number but would like to access three different time clocks. port number is 5402

Outside 10.10.10.102. can we do something like this example attached.

http://www.noip.com/support/knowledgebase/multiple-servers-behind-a-nat-router/

New Member

Port Forward to Different devices 1 IP

Hi Roger,

You'd then do something like this:

object network Object4_6894

host 10.20.61.4

nat (inside,outside) static interface service tcp 5402 6894

object network Object5_6895

host 10.20.61.5

nat (inside,outside) static interface service tcp 5402 6895

object network Object6_6896

host 10.20.61.6

nat (inside,outside) static interface service tcp 5402 6896

This config would allow all your internal servers to have the same port (5402), but someone from outside would contact them on different ports (6894-6896).

Is this what you were looking for?

New Member

Port Forward to Different devices 1 IP

Ok....

so ACL would like?

access-list outside_access_in extended permit tcp any Object4_6894 eq 5402?and the like for others?

or

access-list outside_access_in extended permit tcp any Object4_6894 eq 6894


New Member

Port Forward to Different devices 1 IP

ACLs would have 5402 (the original port number)

172
Views
0
Helpful
5
Replies
CreatePlease login to create content