Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

portforward on asa 5505

Hello, i have a problem setting up portforwarding on a asa 5505

I want to get tcp port 2051 on the outside to be forwarded to 192.168.6.10 on the inside and i have the following config:

ASA Version 7.2(4)

interface Vlan1

nameif inside

security-level 100

ip address 192.168.6.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 195.81.121.246 255.255.255.252

!

interface Ethernet0/0

switchport access vlan 2

!

access-list inside_nat0_outbound extended permit ip any any

access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 any

access-list outside_access_in extended permit ip any interface outside

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp interface 2051 192.168.6.10 2051 netmask 255.255.255.255 0 0

route outside 0.0.0.0 0.0.0.0 195.81.121.245 1

dhcpd auto_config outside

!

dhcpd address 192.168.6.90-192.168.6.99 inside

dhcpd dns 192.168.6.1 interface inside

dhcpd enable inside

!

It seems that is constantly blocked by an ACL but i can't figure out the right config, could you give me some input?

4 REPLIES
Cisco Employee

Re: portforward on asa 5505

static (INSIDE,OUTSIDE) tcp interface 2051 192.168.6.10 2051

no access-list outside_access_in extended permit ip any interface outside


access-list outside_access_in extended permit tcp any host 195.81.121.246 eq 2051


access-group outside_access_in in interface OUTSIDE


let meknow if it works

New Member

Re: portforward on asa 5505

static (INSIDE,OUTSIDE) tcp interface 2051 192.168.6.10 2051

no access-list outside_access_in extended permit ip any interface outside

access-list outside_access_in extended permit tcp any host 195.81.121.246 eq 2051

access-list outside_access_in extended permit ip any any

access-group outside_access_in in interface OUTSIDE

tray that's, it's work for me.

Good luck

New Member

Re: portforward on asa 5505

down the security level at Vlan1

from 100 to a low.

example: 90

Cisco Employee

Re: portforward on asa 5505

WHY??

318
Views
1
Helpful
4
Replies