Port Forwarding for portal Access

May be a simple question for someone, but I need to see if anyone can give me the syntax for a port forward.

I need to forward port 55443 to an internal address (let's call it 15.15.15.15) from two outside IPs (5.5.5.5 and 6.6.6.6).

These addresses need to see the server IP address (15.15.15.15) only and nothing else.

Can someone please give me the syntax or an example of the syntax to make the changes in my device? It is an ASA 5510

Thanks for the help

-Jon

Hello Jon

What version are you running? Let's say it is 8.2.

Static (inside,outside) tcp 5.5.5.5 55443 15.15.15.15 55443

access-list test permit tcp host 15.15.15.15 eq 55443 any

static(inside,outside) tcp 6.6.6.6 55443 access-list test

Remember to create the ACLs on the outside.

Give it a try and let me know if you need more help.

Please rate helpful posts,

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
Julio,

The ASA version is 8.3(1).

Would this make a difference in the syntax that you listed above?

Thanks for the help.

-Jon

Hello Jon,

Yes, the syntax would be completely different:

Object network Primary_Public

host  5.5.5.5

Object network Secondary_Public

host 6.6.6.6

Object network Internal_host

host 15.15.15.15

Object service port_55443

service tcp source eq 55443

nat (inside,outside) source static Internal_host Primary_Public service port_55443 port_55443

nat (inside,outside) source static Internal_host Secondary_Public service port_55443 port_55443

Please rate helpful posts

Kind regards,

Julio

Julio

I tried entering the syntax you gave above, but it keeps hitting an error at the "host" keyword of the line

     Object network Primary_Public host  5.5.5.5.

What access level do I need to be in to enter the syntax? I tried it in configuration terminal mode; do I need to be higher or in a different config mode?

Are the lines "Object network Primary_Public

host  5.5.5.5"

two separate entry lines, or should they be entered as one line?

thanks

--Jon

Hello Jon,

They are two separate entries as I showed you on config terminal mode:

Object network Primary_Public

host  5.5.5.5

Let me know if you are still unable to do it like that.

Regards,

Do rate helpful posts

Julio

Thank you  Julio

Now the only problem that I have is it is catching on the first port number for the following statement:

nat (inside,outside) source static Internal_host Primary_Public service port_55443 port_55443

Is this supposed to be a 2 line statement as well?

-Jon

Hello Jon,

No, the NAT statements on 8.3 and prior versions are made of just one line (great improvement).

Now that you have created the NAT statement, you just need the ACL pointing to the real IP address of the server, because NAT is checked before the ACL on 8.3 and prior versions.

Do please rate helpful posts.

Regards,

Julio

Julio

I can't get the NAT statement to enter. It errors out at the port number.

If I get the nat statement in, is there another statement for the ACL? What would the syntax for that be?

-Jon

Julio,

Here is the error that I get back:

nat(inside,outside) source static Internal_host Primary_Public service port_55443 port_55443
                                                                                ^

ERROR: % Invalid input detected at '^' marker.
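
An added example, not part of any post in this thread: one way to write the forward and the two-source restriction on ASA 8.3 and later, using object NAT plus an inbound ACL that references the server's real address. It assumes the portal is published on the ASA's outside interface address (the thread gives no public address); the ACL name `outside_access_in` is hypothetical, and `<outside-interface-ip>` and 203.0.113.10 are placeholders.

```text
! Added example. Assumption: the portal is published on the outside interface address.
object network Internal_host
 host 15.15.15.15
 ! Static PAT: real port 55443 on the server, mapped port 55443 on the outside interface
 nat (inside,outside) static interface service tcp 55443 55443
!
! On 8.3 and later the interface ACL matches the server's real address, not the mapped one.
! Only the two named sources are permitted; all other sources fall to the implicit deny.
access-list outside_access_in extended permit tcp host 5.5.5.5 host 15.15.15.15 eq 55443
access-list outside_access_in extended permit tcp host 6.6.6.6 host 15.15.15.15 eq 55443
!
! Only one ACL can be bound per interface and direction. If an ACL is already applied
! inbound on outside, add the two entries to that ACL instead of binding a new one.
access-group outside_access_in in interface outside
!
! Checks: simulate an allowed source and a source that must be refused
! (203.0.113.10 is a constructed test address), then read the ACL hit counters.
packet-tracer input outside tcp 5.5.5.5 1025 <outside-interface-ip> 55443
packet-tracer input outside tcp 203.0.113.10 1025 <outside-interface-ip> 55443
show access-list outside_access_in
```

The first packet-tracer run should end in an allow result and the second in a drop at the access-list phase; if the second is allowed, a broader permit entry on the outside ACL is matching first.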
