Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

port redirection in asa

Hi all,

I am practicing some stuff in asa. I have a host on outside network(a router) which IP is 172.16.1.2. My inside host is 10.1.10.2. Now i just want to achieve this

1) From inside host, when i telnet 200.2.2.2 on port 2200, it should be redirected to 172.16.1.2 on port 23.

Kindly tell me if this is possible using ASA static statement ?

Everyone's tags (3)
6 REPLIES
Cisco Employee

port redirection in asa

For version 8.3 and higher:

object network obj-10.1.10.2

   host 10.1.10.2

object network obj-200.2.2.2

   host 200.2.2.2

object network obj-172.16.1.2

   host 172.16.1.2

object service obj-tcp-eq-23

   service tcp destination eq 23

object service obj-tcp-eq-2200

   service tcp destination eq 2200

nat (inside,outside) source static obj-10.1.10.2 obj-10.1.10.2 destination static obj-200.2.2.2 obj-172.16.1.2 service obj-tcp-eq-2200 obj-tcp-eq-23

New Member

port redirection in asa

Dear Maam,

m really sorry i didnt mention the version number. Its 8.2. Can you pls also tell the config of 8.2 using "static" syntax.

Pls dont mind and kindly tell

Cisco Employee

port redirection in asa

Unfortunately that is not supported on ASA version 8.2 and lower.

New Member

port redirection in asa

is this mean there is another method beside wccp to redirect some traffic ?

New Member

port redirection in asa

IN 8.2 it is possible if

If your 172.16.1.2 is in your inside network and you are hitting from outside

Then Command will be

The Natting statement for this is

static (inside,outside) tcp 200.2.2.2 2200 172.16.1.2 telnet netmask 255.255.255.255

The access-list configured for permission

access-list outside extended permit tcp any host 172.16.1.2 eq telnet

Access-List is applied on outside interface

access-group outside in interface outside

port redirection in asa

Hi all,

I  am practicing some stuff in asa. I have a host on outside network(a  router) which IP is 172.16.1.2. My inside host is 10.1.10.2. Now i just  want to achieve this

1) From inside host, when i telnet 200.2.2.2 on port 2200, it should be redirected to 172.16.1.2 on port 23.

Kindly tell me if this is possible using ASA static statement ?

my view:

Inside (10.1.10.2)----> ASA<--Outside--->Rtr---->172.16.1.2..... Here you need to do nat on both the ends.....

because both ASA ouside interface and routers outside interface should be in public ip range as per your scenario..... you need to do nat on ur asa to get 10.1.10.2 to get pat to a public ip and then that public ip will reach the router Public ip and in that router you need to do PAT/NAT to get that translated to the private ip (172.16.1.2).....

Please let me know if my understanding is wrong....

379
Views
0
Helpful
6
Replies