Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Port forwarding on PIX and ASA

Hello

I would like to get a second opinion if the below config will work on Cisco PIX or ASA on 7.0 version. Basically configuring the port forwarding to different servers on a LAN on port www on different public IPs

interface Ethernet0/0
nameif outside
security-level 0
ip address 11.12.13.10 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.0.5.2 255.255.255.0
nat (inside) 1 10.0.5.0 255.255.255.0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 11.12.13.14
access-list outside_in extended permit tcp any host 11.12.13.10 eq www
static (inside,outside) tcp 11.12.13.10 www 10.0.5.12 www netmask 255.255.255.255
access-list outside_in extended permit tcp any host 11.12.13.11 eq www
static (inside,outside) tcp 11.12.13.11 www 10.0.5.22 www netmask 255.255.255.255

So this would be routing via second WAN IP 11.12.13.11 to same port www and forward to a different server 10.0.5.22

Thank you

3 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Port forwarding on PIX and ASA

Hi,

This configuration will work fine.

You're redirecting web port 80 traffic when it hits IP 11.12.13.10 to internal IP 10.0.5.12 and also redirecting www when it hits IP 11.12.13.11 to 10.0.5.22

Just make sure that DNS is configured correctly to resolve the correct IPs and that web traffic reaching 11.12.13.10 is really intended for 10.0.5.12 and web traffic reaching 11.12.13.11 is really intended for 10.0.5.22

Let me know.

Federico.

Cisco Employee

Re: Port forwarding on PIX and ASA

If your goal is to forward TCP port 80 for 11.12.13.10 to 10.0.5.12 and 11.12.13.11 to 10.0.5.22 then this should work fine.

If using ASA code 7.2(1) and above you can use the packet tracer command to test your configs.

packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed] [xml]

packet-tracer input outside tcp 4.1.1.1 1024 11.12.13.10 80 detailed

packet-tracer input outside tcp 4.1.1.1 1024 11.12.13.11 80 detailed

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/p.html#wp1878788

Cisco Employee

Re: Port forwarding on PIX and ASA

For the packet-tracer instead of  CLI you can also use your ASDM (above 7.2(x) ).

Just access your ASA using ASDM, --> rollover TOOLS--> Click on packet-tracer and set the packet parameters you want to simulate.

HTH

Vijaya

5 REPLIES

Re: Port forwarding on PIX and ASA

Hi,

This configuration will work fine.

You're redirecting web port 80 traffic when it hits IP 11.12.13.10 to internal IP 10.0.5.12 and also redirecting www when it hits IP 11.12.13.11 to 10.0.5.22

Just make sure that DNS is configured correctly to resolve the correct IPs and that web traffic reaching 11.12.13.10 is really intended for 10.0.5.12 and web traffic reaching 11.12.13.11 is really intended for 10.0.5.22

Let me know.

Federico.

New Member

Re: Port forwarding on PIX and ASA

I appreciate all your responses. I tested it and and worked. Thank you

Cisco Employee

Re: Port forwarding on PIX and ASA

If your goal is to forward TCP port 80 for 11.12.13.10 to 10.0.5.12 and 11.12.13.11 to 10.0.5.22 then this should work fine.

If using ASA code 7.2(1) and above you can use the packet tracer command to test your configs.

packet-tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed] [xml]

packet-tracer input outside tcp 4.1.1.1 1024 11.12.13.10 80 detailed

packet-tracer input outside tcp 4.1.1.1 1024 11.12.13.11 80 detailed

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/p.html#wp1878788

Cisco Employee

Re: Port forwarding on PIX and ASA

For the packet-tracer instead of  CLI you can also use your ASDM (above 7.2(x) ).

Just access your ASA using ASDM, --> rollover TOOLS--> Click on packet-tracer and set the packet parameters you want to simulate.

HTH

Vijaya

Re: Port forwarding on PIX and ASA

Hi,

Configuring Port forwarding in cisco PIX/ASA check out the below link hope this help out your query !!

http://i.i.com.com/cnwk.1d/i/tr/downloads/home/1587052148_chapter_5.pdf

Regards

Ganesh.H

2112
Views
0
Helpful
5
Replies