Port forwarding using outside interface - ASA with 8.3.1
I am struggling badly on figuring out how to port forward ftp service to one of my internal box when outside interface is using dhcp. It was very easy with earlier version of code but the new syntax of 8.3.1 is throwing me off totally. Neither there is a good example in documentation for command line and neither the ASDM configuration pushes off either.
Goal: Inbound ftp request to outside interface needs to be forwarded to 172.20.100.11 on inside host.
Can somebody help out with correct syntax? OR should I downgrade to previous version of code?
Re: Port forwarding using outside interface - ASA with 8.3.1
That old syntax and does not work with 8.3.1 code at all. That's my frustration. Static command is removed from 8.3.1.
In past when cisco deprecated some commands, the OS automatically converted the command syntax if old commands were typed. In this case, it complains that command has been deprecated but doesn't do conversion or point out right syntax.
See output below.
ASA(config)# static (inside,outside) tcp interface 21 172.20.100.11 21 ERROR: This syntax of nat command has been deprecated. Please refer to "help nat" command for more details.
Needless to say that "help nat" command or the product documentation doesn't show a good example of how to achieve it. It shows how to do port forwarding using dedicated IP but nothing shows how to do with outside interface it self.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...