Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
677
Views
0
Helpful
6
Replies

port redirection in asa

Jonn cos
Level 4
Level 4

‎07-04-2012 03:07 AM - edited ‎03-11-2019 04:26 PM

Hi all,

I am practicing some stuff in asa. I have a host on outside network(a router) which IP is 172.16.1.2. My inside host is 10.1.10.2. Now i just want to achieve this

1) From inside host, when i telnet 200.2.2.2 on port 2200, it should be redirected to 172.16.1.2 on port 23.

Kindly tell me if this is possible using ASA static statement ?

Labels:
0 Helpful
6 Replies 6

Jennifer Halim
Cisco Employee
Cisco Employee

‎07-04-2012 03:23 AM

For version 8.3 and higher:

object network obj-10.1.10.2

   host 10.1.10.2

object network obj-200.2.2.2

   host 200.2.2.2

object network obj-172.16.1.2

   host 172.16.1.2

object service obj-tcp-eq-23

   service tcp destination eq 23

object service obj-tcp-eq-2200

   service tcp destination eq 2200

nat (inside,outside) source static obj-10.1.10.2 obj-10.1.10.2 destination static obj-200.2.2.2 obj-172.16.1.2 service obj-tcp-eq-2200 obj-tcp-eq-23

0 Helpful

Jonn cos
Level 4
Level 4
In response to Jennifer Halim

‎07-04-2012 10:36 PM

Dear Maam,

m really sorry i didnt mention the version number. Its 8.2. Can you pls also tell the config of 8.2 using "static" syntax.

Pls dont mind and kindly tell

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to Jonn cos

‎07-05-2012 06:22 AM

Unfortunately that is not supported on ASA version 8.2 and lower.

0 Helpful

superlubis
Level 1
Level 1
In response to Jennifer Halim

‎07-11-2012 06:29 PM

is this mean there is another method beside wccp to redirect some traffic ?

0 Helpful

gouravbathla
Level 1
Level 1
In response to superlubis

‎07-11-2012 11:13 PM

IN 8.2 it is possible if

If your 172.16.1.2 is in your inside network and you are hitting from outside

Then Command will be

The Natting statement for this is

static (inside,outside) tcp 200.2.2.2 2200 172.16.1.2 telnet netmask 255.255.255.255

The access-list configured for permission

access-list outside extended permit tcp any host 172.16.1.2 eq telnet

Access-List is applied on outside interface

access-group outside in interface outside

0 Helpful

nkarthikeyan
Level 7
Level 7

‎07-11-2012 11:52 PM

Hi all,

I  am practicing some stuff in asa. I have a host on outside network(a  router) which IP is 172.16.1.2. My inside host is 10.1.10.2. Now i just  want to achieve this

1) From inside host, when i telnet 200.2.2.2 on port 2200, it should be redirected to 172.16.1.2 on port 23.

Kindly tell me if this is possible using ASA static statement ?

my view:

Inside (10.1.10.2)----> ASA<--Outside--->Rtr---->172.16.1.2..... Here you need to do nat on both the ends.....

because both ASA ouside interface and routers outside interface should be in public ip range as per your scenario..... you need to do nat on ur asa to get 10.1.10.2 to get pat to a public ip and then that public ip will reach the router Public ip and in that router you need to do PAT/NAT to get that translated to the private ip (172.16.1.2).....

Please let me know if my understanding is wrong....

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card